YoVDO

Windows Event Logs - Zero to Hero

Offered By: YouTube

Tags

Conference Talks Courses Cybersecurity Courses PowerShell Courses Security BSides Courses Windows Security Courses Windows Event Logs Courses

Course Description

Overview

Explore Windows Event Logs in-depth through this 48-minute conference talk from BSides Detroit 2017. Learn about Windows Event Forwarding, setting up a Cuckoo Malware Lab, and the differences between alerting and exploring. Dive into practical examples including Deep Panda analysis, task scheduling, bad login detection, and PowerShell monitoring. Discover techniques for wireless attack detection, event tracing, and effective log monitoring strategies. Gain insights on recommended Group Policy Objects (GPOs) and valuable tips for handling one-offs and gotchas in Windows event logging.

Syllabus

Windows Event Logs? Really?
#1 Most Important Prereq
Windows Event Forwarding
Description of our Cuckoo Malware Lab
Alerting vs. Exploring
Continued... (Deep Panda Sample)
Task Scheduling (4698 OR 106)
Bad Logins (4776)
Event Tracing for Windows
PowerShell
Wireless Attacks & Misuse
Few More Hunting Possibilities
Monitor Your Monitoring
One-offs, Gotchas, and Recommendations
Recommended GPOS
Questions?


Related Courses

OS Analysis with HELK
Pluralsight Building PowerShell Security Tools in a Windows Environment
Pluralsight Threat Hunting with Windows Event Forwarding
Cybrary Windows Event Logs - Zero to Hero
YouTube A New Secret Stash For Fileless Malware
nullcon via YouTube