Building a Canarytoken to Monitor Windows Process Execution - Track 2
Offered By: HackMiami via YouTube
Course Description
Overview
Explore the creation of a new Canarytoken type designed to monitor Windows process execution in this 35-minute conference talk from HackMiami. Learn how to set up quick alerts for specific Windows file executions, providing an early warning system for potential security threats. Discover how this open-source tool can be used to create tripwires that alert on attacker actions, such as running sensitive commands like wmic.exe, qwinsta.exe, or bitsadmin.exe on critical systems and endpoints. Delve into the research behind this new Canarytoken, covering topics from Windows internals to encoding alerts over DNS channels. Gain insights on how these classical offensive techniques can be leveraged to strengthen your defensive strategies, offering rapid tipoffs when something is amiss or unauthorized commands are executed.
Syllabus
Track 2 03 Building A Canarytoken To Monitor Windows Process Execution
Taught by
HackMiami
Related Courses
Implementing DNS in Microsoft Windows ServerMicrosoft via edX Networking for Web Developers
Udacity Microsoft Windows Server 2012 Fundamentals: DNS
Microsoft via edX Windows Server 2016: Basic Networking
Microsoft via edX The Bits and Bytes of Computer Networking
Google via Coursera