Building a Canarytoken to Monitor Windows Process Execution - Track 2
Offered By: HackMiami via YouTube
Course Description
Overview
Explore the creation of a new Canarytoken type designed to monitor Windows process execution in this 35-minute conference talk from HackMiami. Learn how to set up quick alerts for specific Windows file executions, providing an early warning system for potential security threats. Discover how this open-source tool can be used to create tripwires that alert on attacker actions, such as running sensitive commands like wmic.exe, qwinsta.exe, or bitsadmin.exe on critical systems and endpoints. Delve into the research behind this new Canarytoken, covering topics from Windows internals to encoding alerts over DNS channels. Gain insights on how these classical offensive techniques can be leveraged to strengthen your defensive strategies, offering rapid tipoffs when something is amiss or unauthorized commands are executed.
Syllabus
Track 2 03 Building A Canarytoken To Monitor Windows Process Execution
Taught by
HackMiami
Related Courses
The RedTeam Blueprint - A Unique Guide To Ethical HackingUdemy Indicators of Compromise - From Malware Analysis to Eradication
44CON Information Security Conference via YouTube Counterfeiting the Pipes with FakeNet 2.0 - Part 2
Black Hat via YouTube Advanced Process Injection Techniques
NorthSec via YouTube Hypervisors in Your Toolbox - Monitoring and Controlling System Events with HyperPlatform
nullcon via YouTube