YoVDO

Building a Canarytoken to Monitor Windows Process Execution - Track 2

Offered By: HackMiami via YouTube

Tags

Cybersecurity Courses, Ransomware Courses, DNS Courses, Threat Detection Courses, Windows Internals Courses, Atomic Red Team Courses

Course Description

Overview

Explore the creation of a new Canarytoken type designed to monitor Windows process execution in this 35-minute conference talk from HackMiami. Learn how to set up quick alerts for specific Windows file executions, providing an early warning system for potential security threats. Discover how this open-source tool can be used to create tripwires that alert on attacker actions, such as running sensitive commands like wmic.exe, qwinsta.exe, or bitsadmin.exe on critical systems and endpoints. Delve into the research behind this new Canarytoken, covering topics from Windows internals to encoding alerts over DNS channels. Gain insights on how these classical offensive techniques can be leveraged to strengthen your defensive strategies, offering rapid tipoffs when something is amiss or unauthorized commands are executed.

Syllabus

Track 2 03 Building A Canarytoken To Monitor Windows Process Execution


Taught by

HackMiami

Related Courses

Advanced Cybersecurity Concepts and Capstone Project
Microsoft via Coursera
Cloud for CISOs (Japanese)
Amazon Web Services via AWS Skill Builder
Cloud for CISOs (Japanese) 日本語吹き替え版
Amazon Web Services via AWS Skill Builder
Cyber Security Foundations: Common Malware Attacks and Defense Strategies
EC-Council via FutureLearn
Escudo Digital: Ciberseguridad para Protección de Datos y Sistemas
Universidad Anáhuac via edX