YoVDO

Skynet Will Use PsExec When SysInternals Go Bad

Offered By: YouTube

Tags

Conference Talks Courses Cybersecurity Courses Digital Forensics Courses System Administration Courses Anti-Forensics Courses

Course Description

Overview

Explore the potential misuse of Sysinternals tools for malicious purposes in this NolaCon 2017 conference talk. Delve into various internal reconnaissance techniques using PsInfo, PsLoggedOn, AdExplorer, ShareEnum, and TCPView. Learn about execution methods with PsExec and BgInfo, as well as persistence mechanisms utilizing PsPasswd and MoveFile. Discover anti-forensics techniques and methods for detecting Sysinternals usage through registry analysis, ShimCache examination, and Sdelete identification. Gain valuable insights into how attackers might leverage these powerful system utilities and how to defend against such tactics.

Syllabus

Intro
whoarewe
Our Prediction...
Why Use Sysinternals?
PsTools Disclaimer
Internal Recon PsInfo
Internal Recon PsLoggedOn
Internal Recon Logon Sessions
Internal Recon AdExplorer
Internal Recon ShareEnum
Internal Recon TCPView
Execution PsExec
Execution BgInfo
Persistence PsPasswd
Persistence MoveFile
Anti-Forensics MoveFile
Detecting Sysinternals Registry
Detecting Sysinternals ShimCache
Detecting Sysinternals Sdelete


Related Courses

Stealthier Attacks and Smarter Defending With TLS Fingerprinting
YouTube The Little Phone That Could Ch-ch-chroot
Security BSides London via YouTube A Tale of Two Malware Families - Overcoming Anti-Forensics and Foiling Botnets in the Cloud
BSidesLV via YouTube Moar Anti-Forensics for the Louise
BruCON Security Conference via YouTube Anti-Forensics on SAP Systems
WEareTROOPERS via YouTube