YoVDO

Building a Canarytoken to Monitor Windows Process Execution - Track 2

Offered By: HackMiami via YouTube

Tags

Cybersecurity Courses Ransomware Courses DNS Courses Threat Detection Courses Windows Internals Courses Atomic Red Team Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the creation of a new Canarytoken type designed to monitor Windows process execution in this 35-minute conference talk from HackMiami. Learn how to set up quick alerts for specific Windows file executions, providing an early warning system for potential security threats. Discover how this open-source tool can be used to create tripwires that alert on attacker actions, such as running sensitive commands like wmic.exe, qwinsta.exe, or bitsadmin.exe on critical systems and endpoints. Delve into the research behind this new Canarytoken, covering topics from Windows internals to encoding alerts over DNS channels. Gain insights on how these classical offensive techniques can be leveraged to strengthen your defensive strategies, offering rapid tipoffs when something is amiss or unauthorized commands are executed.

Syllabus

Track 2 03 Building A Canarytoken To Monitor Windows Process Execution


Taught by

HackMiami

Related Courses

Implementing DNS in Microsoft Windows Server
Microsoft via edX
Networking for Web Developers
Udacity
Microsoft Windows Server 2012 Fundamentals: DNS
Microsoft via edX
Windows Server 2016: Basic Networking
Microsoft via edX
The Bits and Bytes of Computer Networking
Google via Coursera