Intrusion Hunting for the Masses - A Practical Guide
Offered By: YouTube
Course Description
Overview
Explore practical techniques for intrusion hunting in this 46-minute conference talk from Derbycon 2015. Learn effective methods for detecting intrusions, including analyzing Shimcache/Amcache data, server antivirus logs, and netstat data. Discover how to identify suspicious user-agent strings, examine Windows services and drivers, and investigate autoruns and prefetch data. Gain insights into checking your external visibility, understanding NTFS extended attributes, and mining EMET logs. Delve into RAM dump analysis for advanced hunting techniques. Equip yourself with valuable tools and strategies to enhance your cybersecurity defenses and detect potential threats in your systems.
Syllabus
Introduction
What Works Finding Intrusions?
What Do I Mean by "Hunting"?
Shimcache/Amcache
Shimcache Examples
What to Look for in the Shimcache/Amcache Data
Server Antivirus Logs
Mining Netstat Data
User-Agent strings
User-Agent examples
Windows Services Example
Windows Drivers Example
Windows Autoruns
Autoruns - Examples
Windows Prefetch
Prefetch Examples
Checking How Outsiders See You
NTFS Extended Attributes
EMET Log Mining - Example
Hunting in RAM dumps
Closing Thoughts
Questions?
Related Courses
Network Security (Rochester Institute of Technology via edX)
Network Security (Georgia Institute of Technology via Udacity)
Real-Time Cyber Threat Detection and Mitigation (New York University (NYU) via Coursera)
Information security - IV (Indian Institute of Technology Madras via Swayam)
Cyber Security (CEC via Swayam)