What the Log - So Many Events, So Little Time

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cybersecurity Courses, Incident Response Courses, Threat Detection Courses, Windows Event Logs Courses

Course Description

Overview

Explore Windows Event Log investigation techniques for detecting adversaries in this 41-minute Black Hat conference talk by Miriam Wiesner. Learn about the Microsoft Security Compliance Toolkit and the audit policies it ships, and the customer request that motivated the work. Discover how to automate the creation of event lists, map the resulting events to the MITRE ATT&CK framework, and generate hunting queries from them. Gain insights into configuring event lists, generating queries from them, and exploring further options to strengthen your organization's threat detection and reduce the time needed to identify potential security breaches.
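The overview above describes the pipeline at a high level: an event list, a mapping of those events to MITRE ATT&CK techniques, and hunting queries generated from the mapping. The following is an added example written for this page; it is not code from the talk or from any tool the speaker presents. It builds a small constructed event list (the event IDs are real Windows events, but the table and its technique mapping are this example's own choices), selects the events relevant to a set of ATT&CK techniques, and emits one Get-WinEvent command per log channel using the XPath filter syntax that Get-WinEvent -FilterXPath and wevtutil accept. The record set in match_events is constructed sample data for an offline check.

```python
"""Event list -> ATT&CK mapping -> hunting queries (illustrative, not the talk's tool)."""
from collections import defaultdict

# Constructed event list: (log channel, event ID, description, ATT&CK technique).
# The IDs are genuine Windows events; the mapping is an assumption made for this example.
EVENT_LIST = [
    ("Security", 4688, "A new process has been created", "T1059"),
    ("Security", 4698, "A scheduled task was created", "T1053.005"),
    ("System", 7045, "A service was installed in the system", "T1543.003"),
    ("Microsoft-Windows-PowerShell/Operational", 4104, "PowerShell script block logged", "T1059.001"),
    ("Security", 4624, "An account was successfully logged on", "T1078"),
]


def events_for_techniques(techniques):
    """Return {channel: sorted event IDs} covering the requested ATT&CK technique IDs.

    A parent technique (e.g. T1059) also selects its sub-techniques (T1059.001).
    """
    wanted = set(techniques)
    by_channel = defaultdict(set)
    for channel, event_id, _desc, technique in EVENT_LIST:
        if technique in wanted or technique.split(".")[0] in wanted:
            by_channel[channel].add(event_id)
    return {channel: sorted(ids) for channel, ids in by_channel.items()}


def xpath_filter(event_ids, hours=24):
    """XPath for Get-WinEvent -FilterXPath or wevtutil qe /q:.

    timediff(@SystemTime) is milliseconds relative to the current time.
    """
    id_clause = " or ".join(f"EventID={i}" for i in event_ids)
    window_ms = hours * 60 * 60 * 1000
    return f"*[System[({id_clause}) and TimeCreated[timediff(@SystemTime) <= {window_ms}]]]"


def hunting_queries(techniques, hours=24):
    """One Get-WinEvent command per log channel, ready to paste into PowerShell."""
    queries = []
    for channel, ids in sorted(events_for_techniques(techniques).items()):
        queries.append(
            f"Get-WinEvent -LogName '{channel}' -FilterXPath \"{xpath_filter(ids, hours)}\""
        )
    return queries


def match_events(records, techniques):
    """Offline check: event IDs of the records that fall within the selected event list."""
    selected = events_for_techniques(techniques)
    return [r["EventID"] for r in records if r["EventID"] in selected.get(r["Channel"], [])]


if __name__ == "__main__":
    # Constructed sample records standing in for exported log entries.
    sample = [
        {"Channel": "Security", "EventID": 4698, "TaskName": "\\Updater"},
        {"Channel": "System", "EventID": 7045, "ServiceName": "svc1"},
        {"Channel": "Security", "EventID": 4624, "LogonType": 3},
    ]
    persistence = ["T1053.005", "T1543.003"]
    for q in hunting_queries(persistence):
        print(q)
    print("hits:", match_events(sample, persistence))
```

The XPath form is deliberately chosen over -FilterHashtable because it is the same filter language an event subscription or a wevtutil export uses, so a query generated once can be reused across collection points.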

Syllabus

Introduction
Microsoft Security Compliance Toolkit
Audit Policies
Customer Request
Automate Event List
MITRE ATT&CK
MITRE Sources
Three Questions
GUI
Power Event List
Generate Event List
Generate Hunting Queries
Generate Event List Queries
Configure Event List
Generate Queries
Other Options
Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube