Intrusion Hunting for the Masses - A Practical Guide
Offered By: YouTube
Course Description
Overview
Explore practical techniques for intrusion hunting in this 46-minute conference talk from Derbycon 2015. Learn methods that work for finding intrusions, including analyzing Shimcache/Amcache data, server antivirus logs, and netstat data. Discover how to identify suspicious user-agent strings, examine Windows services and drivers, and investigate autoruns and prefetch data. Gain insights into checking how outsiders see your network, understanding NTFS extended attributes, and mining EMET logs. Delve into hunting in RAM dumps for more advanced techniques. Come away with tools and strategies for detecting threats already present in your systems.
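The netstat and User-Agent hunting techniques named above, as an added worked example that is not code from the talk: both come down to stacking, counting on how many hosts each value appears and reading the rare tail first. The `netstat -ano` output, the proxy-log lines, the host names and the known-good baseline below are constructed, and the User-Agent heuristics are this example's assumptions, not the speaker's list.

```python
"""Hunting by stacking: surface rare outliers in netstat output and proxy User-Agent strings.

Added example for this listing, not material from the talk. All data below is constructed.
"""
import re
from collections import defaultdict

# Constructed `netstat -ano` output from three workstations (not real captures).
NETSTAT_BY_HOST = {
    "WS01": """
  TCP    10.0.0.11:49712    10.0.0.5:445         ESTABLISHED     4
  TCP    10.0.0.11:49811    52.96.0.1:443        ESTABLISHED     3120
  TCP    0.0.0.0:135        0.0.0.0:0            LISTENING       880
""",
    "WS02": """
  TCP    10.0.0.12:49701    10.0.0.5:445         ESTABLISHED     4
  TCP    10.0.0.12:49902    52.96.0.1:443        ESTABLISHED     2988
  TCP    0.0.0.0:135        0.0.0.0:0            LISTENING       872
""",
    "WS03": """
  TCP    10.0.0.13:49690    10.0.0.5:445         ESTABLISHED     4
  TCP    10.0.0.13:50123    198.51.100.7:4444    ESTABLISHED     5524
  TCP    0.0.0.0:135        0.0.0.0:0            LISTENING       868
  TCP    0.0.0.0:3389       0.0.0.0:0            LISTENING       1200
""",
}

# One netstat -ano row; the state column is absent for UDP, hence optional.
NETSTAT_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<laddr>\S+):(?P<lport>\d+|\*)\s+"
    r"(?P<raddr>\S+):(?P<rport>\d+|\*)(?:\s+(?P<state>[A-Z_]+))?\s+(?P<pid>\d+)\s*$"
)


def parse_netstat(text):
    """Return one dict per connection row; header and blank lines are skipped."""
    return [m.groupdict() for m in map(NETSTAT_RE.match, text.splitlines()) if m]


def stack(netstat_by_host, state, key):
    """Map key(row) -> sorted list of hosts on which a row in `state` was seen."""
    hosts = defaultdict(set)
    for host, text in netstat_by_host.items():
        for row in parse_netstat(text):
            if row["state"] == state:
                hosts[key(row)].add(host)
    return {k: sorted(v) for k, v in hosts.items()}


def rare_peers(netstat_by_host, max_hosts=1):
    """Established remote (address, port) pairs seen on at most max_hosts hosts."""
    stacked = stack(netstat_by_host, "ESTABLISHED", lambda r: (r["raddr"], r["rport"]))
    return {k: v for k, v in stacked.items() if len(v) <= max_hosts}


def rare_listeners(netstat_by_host, max_hosts=1):
    """Listening local ports seen on at most max_hosts hosts."""
    stacked = stack(netstat_by_host, "LISTENING", lambda r: r["lport"])
    return {k: v for k, v in stacked.items() if len(v) <= max_hosts}


# Constructed proxy log: source IP, destination host, User-Agent (tab-separated).
PROXY_LOG = """\
10.0.0.11\twww.example.com\tMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
10.0.0.12\twww.example.com\tMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
10.0.0.13\tcdn.example.net\tMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
10.0.0.11\tupdate.example.com\tMicrosoft-CryptoAPI/6.1
10.0.0.12\tupdate.example.com\tMicrosoft-CryptoAPI/6.1
10.0.0.13\t198.51.100.7\tMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
10.0.0.13\t198.51.100.7\tMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
"""

# Baseline of known-good non-browser agents; in practice build this from your own logs.
KNOWN_GOOD_UA = {"Microsoft-CryptoAPI/6.1"}

# Cheap heuristics for agents worth a second look (assumed for this example, not from the talk).
UA_HEURISTICS = [
    ("no Mozilla/ prefix", lambda ua: not ua.startswith("Mozilla/")),
    ("claims obsolete IE", re.compile(r"MSIE [1-7]\.").search),
    ("scripting tool", re.compile(r"python-requests|curl/|wget|powershell", re.I).search),
    ("very short", lambda ua: len(ua) < 20),
]


def parse_proxy_log(text):
    """Split the constructed tab-separated proxy log into row dicts."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            src, host, ua = line.split("\t", 2)
            rows.append({"src": src, "host": host, "ua": ua})
    return rows


def suspicious_user_agents(rows, max_hosts=1):
    """Return (user_agent, hosts, reasons) for agents that are rare or trip a heuristic."""
    hosts = defaultdict(set)
    for r in rows:
        hosts[r["ua"]].add(r["src"])
    findings = []
    for ua, srcs in hosts.items():
        if ua in KNOWN_GOOD_UA:
            continue
        reasons = [name for name, test in UA_HEURISTICS if test(ua)]
        if len(srcs) <= max_hosts:
            reasons.append("seen on only %d host(s)" % len(srcs))
        if reasons:
            findings.append((ua, sorted(srcs), reasons))
    return findings


if __name__ == "__main__":
    print("rare peers:", rare_peers(NETSTAT_BY_HOST))
    print("rare listeners:", rare_listeners(NETSTAT_BY_HOST))
    for ua, srcs, reasons in suspicious_user_agents(parse_proxy_log(PROXY_LOG)):
        print("UA %r on %s: %s" % (ua, srcs, ", ".join(reasons)))
```

On the sample data the stacking isolates the one workstation talking to 198.51.100.7:4444, the one host listening on 3389, and the single machine presenting an IE 6 User-Agent to that same address. The point of the design is that the value of the heuristics is small next to the value of the baseline: the same script run across your real fleet is only as good as the known-good set you build from it, so refresh that set as you triage the tail.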
Syllabus
Introduction
What Works Finding Intrusions?
What Do I Mean by "Hunting"?
Shimcache/Amcache
Shimcache Examples
What to Look for in the Shimcache/ Amcache Data
Server Antivirus Logs
Mining Netstat Data
User-Agent strings
User-Agent examples
Windows Services Example
Windows Drivers Example
Windows Autoruns
Autoruns - Examples
Windows Prefetch
Prefetch Examples
Checking How Outsiders See You
NTFS Extended Attributes
EMET Log Mining - Example
Hunting in RAM dumps
Closing Thoughts
Questions?