Subverting Sysmon - Application of a Formalized Security Product Evasion Methodology
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a comprehensive methodology for subverting security products, focusing on Sysmon, in this Black Hat conference talk. Delve into the mindset of well-funded nation-state actors and their approach to holistically evading detection. Learn about the goals of evasive adversaries, detection and subversion methodologies, and the rationale behind targeting Sysmon specifically. Examine data collector subversion strategies and their application to Sysmon, including tool familiarization, data source resilience auditing, implementation analysis, and attack surface analysis. Gain insights into the engineering challenges faced by adversaries in subverting security solutions and the importance of understanding these techniques for improving defensive postures.
Syllabus
Intro
1. Goals of an Evasive Adversary
2. Detection and Detection Subversion Methodologies
3. Rationale for Targeting Sysmon
4. Data Collector Subversion Strategies Applied to Sysmon
5. Conclusion
Subverting security solutions is simply an engineering challenge for adversaries.
Data Collector Subversion Strategies:
1. Tool Familiarization and Scoping
2. Data Source Resilience Auditing
3. Data Collection Implementation Analysis
4. Footprint/Attack Surface Analysis
5. Configuration Analysis
Taught by
Black Hat