PLAY PODCASTS
Webcast: Let’s Talk About ELK Baby, Let’s Talk About You and AD
Episode 1

Webcast: Let’s Talk About ELK Baby, Let’s Talk About You and AD

BHIS’ Defensery Driven Duo Delivers Another Delectable Transmission! We know you are worried about your networks. After hours of discussion, we’ve come to the realization that some of our dedicated followers seem to be much more interested in catching

Talkin' Bout [Infosec] News

January 7, 202058m 12s

Audio is streamed directly from the publisher (media.transistor.fm) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode pageChapters

Show Notes

BHIS’ Defensery Driven Duo Delivers Another Delectable Transmission! We know you are worried about your networks. After hours of discussion, we’ve come to the realization that some of our dedicated followers seem to be much more interested in catching malware than learning how to be (please forgive this next statement) “l33t hax0rs.” Download slides: https://www.activecountermeasures.com/presentations/ 2:47 – Why Are We Doing This? 5:07 – AT7: The Logs You Are Looking For 7:41 – AD Best Practices to Frustrate Attackers 9:37 – AT 5 – Complete Takedown & AT 6 – IOCs 12:04 – Blue Team-A-Palooza 14:22 – Windows Logging, Sysmon, and ELK – Part 1 16:45 – Implementing Sysmon and Applocker 21:45 – …And Group Policies That Kill Kill-Chains 22:31 – Here Are Some Important Blogs 23:35 – Summary Complete 25:28 – Introducing the Atomic Red Team 27:50 – Installing the Atomic Framework 29:29 – Squibbly Doo; The Results; Let’s Take A Step Back: The Atomic Tests; Another Step Back: WEF / Winlogbeat Config 33:41 – Executing T1015; Catching Executables; Executin...
  • (00:00) - Intro
  • (02:47) - Why Are We Doing This?
  • (05:07) - AT7: The Logs You Are Looking For
  • (07:41) - AD Best Practices to Frustrate Attackers
  • (09:37) - AT 5 – Complete Takedown & AT 6 – IOCs
  • (12:04) - Blue Team-Apalooza
  • (14:22) - WIndows Logging, Sysmon and ELK – Part 1
  • (16:45) - Implementing Sysmon and Applocker
  • (21:45) - ...And Group Policies That Kill Kill-Chains
  • (22:31) - Here Are Some Important Blogs
  • (23:35) - Summary Complete
  • (25:28) - Introducing the Atomic Red Team
  • (27:50) - Installing the Atomic Framework
  • (29:29) - Squibbly Doo
  • (30:46) - The Results
  • (31:29) - Let's Take A Step Back: The Atomic Tests
  • (32:18) - Another Step Back: WEF / Winlogbeat Config
  • (33:41) - Executing T1015
  • (34:26) - Catching Executables
  • (41:05) - Executing T1003
  • (42:02) - ElastAlert
  • (43:21) - Now, On the ATT&CK
  • (44:20) - Not Sure If That's a Wrap Yet. (It's Not)
  • (47:11) - Check Out Our Dashboard

Topics

InfosecCybersecuritynews
← All episodes of Talkin' Bout [Infosec] News