Supercharge Your SOC with Sysmon
Offered By: YouTube
Course Description
Overview
Learn how to enhance your Security Operations Center (SOC) using Sysmon in this conference talk from BSidesPhilly 2017. Explore endpoint visibility, Sysmon configuration, log transportation, and SIEM integration. Discover techniques for detecting various malicious activities, including Word macro payloads, PowerShell execution, physical attacks, lateral movement, and credential dumping. Gain insights into investigation methods using PowerShell and Excel, and learn about advanced analytics with Spoor. Get practical advice on implementing Sysmon to improve your organization's security posture.
Syllabus
Intro
What's happening on our endpoints?
Sysmon Visibility
Getting Started with Sysmon
Swift vs. SIG Sysmon Config
Transporting Logs with WEC
SIEM Integration
What kinds of badness can we detect?
Malicious Microsoft Word Macro Payload
Malicious PowerShell Execution
Rubber Ducky and Mouse Jacking Attacks
Sticky Keys Attack
Lateral Movement with WMI
Lateral Movement with PsExec
Lateral Movement with Sneaky PsExec
Dumping Credentials from Memory
Investigation with PowerShell & Excel
Malspam with Word Macro
Malspam SIEM Alert
Getting Sysmon Events via PowerShell
Adding Sysmon Fields to Events Properties
Interacting with Excel via PowerShell
Advanced Analytics with Spoor
How can you get started with Sysmon?
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube