Hunting Ransomware: Jupyter Notebook, Sysmon, Windows Security Log

Human Operated Ransomware (HORA) threat groups are growing in number and strength every day. Today is Day 10 of our Threat Hunting series, and we will cover the evolution of, tactics inherent to, and threats associated with HORA. We will provide "quick wins" that you can implement now to protect yourself against this ugly threat. We will mainly focus on what to do if ransomware is running *right now*, along with what to do when ransomware has already run and the outlook is bleak. We will show the best possible ways to hunt for the probable indicators of attack (IOA) of a ransomware intrusion, and how you can document and run your hunt against your network to identify whether you are also under attack.

Encrypting all your files is a ransomware actor's final objective. But when the frantic helpdesk calls start coming in, can you quickly identify all impacted devices? Can you determine if data exfiltration and extortion are part of the attack? Can you tell if they destroyed your backups? This talk will cover common ransomware gang "hands on keyboard" techniques for stealing your data, disabling defenses, and making your data and devices resistant to recovery. Participants will take away hunt logic which can be employed right away for early detection and for rapidly scoping a ransomware compromise.
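The episode leaves the hunt logic to the notebook; the block below is an added example (not the episode's notebook or BlackPerl's code) of the kind of scoping hunt the paragraph describes: process-creation events from both Sysmon (Event ID 1) and the Windows Security log (Event ID 4688) are normalised into one schema, matched against rules for recovery inhibition (shadow-copy deletion, backup-catalog deletion, disabling Windows recovery), and the hits are rolled up per host so impacted devices can be listed quickly. The field names are the real ones Sysmon and 4688 emit; the hostnames, users, timestamps and events themselves are constructed sample data, and 4688 only carries `CommandLine` when "Include command line in process creation events" auditing is enabled.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample telemetry (not real data). Sysmon Event ID 1 and Security
# Event ID 4688 both record process creation but use different field names.
SAMPLE_EVENTS = [
    {"Source": "Sysmon", "EventID": 1, "Computer": "FS01.corp.example",
     "UtcTime": "2024-03-01 02:14:07", "User": "CORP\\svc-backup",
     "Image": "C:\\Windows\\System32\\vssadmin.exe",
     "CommandLine": "vssadmin delete shadows /all /quiet",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"Source": "Sysmon", "EventID": 1, "Computer": "WS042.corp.example",
     "UtcTime": "2024-03-01 02:15:11", "User": "CORP\\jdoe",
     "Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe C:\\Users\\jdoe\\notes.txt",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"Source": "Security", "EventID": 4688, "Computer": "FS02.corp.example",
     "TimeCreated": "2024-03-01 02:16:30", "SubjectUserName": "svc-backup",
     "NewProcessName": "C:\\Windows\\System32\\wbadmin.exe",
     "CommandLine": "wbadmin delete catalog -quiet",
     "ParentProcessName": "C:\\Windows\\System32\\cmd.exe"},
    {"Source": "Security", "EventID": 4688, "Computer": "FS01.corp.example",
     "TimeCreated": "2024-03-01 02:17:02", "SubjectUserName": "svc-backup",
     "NewProcessName": "C:\\Windows\\System32\\bcdedit.exe",
     "CommandLine": "bcdedit /set {default} recoveryenabled no",
     "ParentProcessName": "C:\\Windows\\System32\\cmd.exe"},
    {"Source": "Security", "EventID": 4688, "Computer": "WS042.corp.example",
     "TimeCreated": "2024-03-01 02:18:45", "SubjectUserName": "jdoe",
     "NewProcessName": "C:\\Windows\\System32\\vssadmin.exe",
     "CommandLine": "vssadmin list shadows",          # benign: read-only listing
     "ParentProcessName": "C:\\Windows\\System32\\cmd.exe"},
]

# Hunt rules for "making data resistant to recovery". Each is a regex over the
# command line; the names are our own labels, not a vendor taxonomy.
RECOVERY_INHIBITION_RULES = {
    "shadow_copy_deletion": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    "backup_catalog_deletion": re.compile(r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)", re.I),
    "recovery_disabled": re.compile(r"bcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
}


@dataclass(frozen=True)
class ProcEvent:
    """Common schema so one rule set runs over both log sources."""
    host: str
    time: str
    user: str
    image: str
    cmdline: str
    parent: str
    source: str


def normalize(raw: dict) -> Optional[ProcEvent]:
    """Map a Sysmon EID 1 or Security EID 4688 record onto ProcEvent."""
    if raw["Source"] == "Sysmon" and raw["EventID"] == 1:
        return ProcEvent(raw["Computer"], raw["UtcTime"], raw["User"], raw["Image"],
                         raw.get("CommandLine", ""), raw.get("ParentImage", ""), "Sysmon:1")
    if raw["Source"] == "Security" and raw["EventID"] == 4688:
        return ProcEvent(raw["Computer"], raw["TimeCreated"], raw["SubjectUserName"],
                         raw["NewProcessName"], raw.get("CommandLine", ""),
                         raw.get("ParentProcessName", ""), "Security:4688")
    return None  # other event types are not process creations; skip them


def hunt_recovery_inhibition(raw_events: list) -> list:
    """Return (rule_name, ProcEvent) pairs for every matching process creation."""
    hits = []
    for raw in raw_events:
        ev = normalize(raw)
        if ev is None:
            continue
        for rule_name, pattern in RECOVERY_INHIBITION_RULES.items():
            if pattern.search(ev.cmdline):
                hits.append((rule_name, ev))
    return hits


def scope_hosts(hits: list) -> dict:
    """Roll hits up per host: sorted rule names and earliest observed time."""
    scoped = {}
    for rule_name, ev in hits:
        entry = scoped.setdefault(ev.host, {"rules": set(), "first_seen": ev.time})
        entry["rules"].add(rule_name)
        entry["first_seen"] = min(entry["first_seen"], ev.time)
    return {h: {"rules": sorted(v["rules"]), "first_seen": v["first_seen"]}
            for h, v in sorted(scoped.items())}


if __name__ == "__main__":
    found = hunt_recovery_inhibition(SAMPLE_EVENTS)
    for rule_name, ev in found:
        print(f"[{rule_name}] {ev.time} {ev.host} {ev.user} ({ev.source}): {ev.cmdline}")
    for host, info in scope_hosts(found).items():
        print(f"{host}: first seen {info['first_seen']}, rules {info['rules']}")
```

In a notebook the same two functions would run over a DataFrame exported from your SIEM instead of `SAMPLE_EVENTS`; the per-host roll-up is what answers the "which devices are impacted" question first, and the read-only `vssadmin list shadows` line shows why the rules key on the destructive verbs rather than on the binary name alone.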

So watch the full episode and leverage the notebook to strategize your hunt technique.

WATCH the playlists BELOW as well, if you want to build your career in DFIR and Security Operations!!
-------------------------------------------------------------------------------------------------------------------------

📞📲
FOLLOW ME EVERYWHERE-
-------------------------------------------------------------------------------------------------------------------------
✔ Twitter: @blackperl_dfir
Comments

Good one..
Please make a playlist/tutorials on
1. Microsoft 365 Defender, Sentinel, Azure ATP portal setup and how to investigate and all
2. Threat hunting using KQL.

KaranPatel-igjk

It would be good if "Day <number>" stayed in the same position on the thumbnail.

Sourav_Debnath

So much valuable information, Thanks!

hps

Hi, I am trying to understand ransomware attacks, so I have set up a lab of ELK Cloud connected to a VM having Sysmon, but I searched for the event code in your videos and got no result. I am clueless how to prove that the attack happened and which log to see after the attack. In the VM the ransomware has already executed; can you provide some help to hunt which log to show in the report?

meooow

Can you please also help in dark web hunting?

pranavdarwai

Hi Arpan dada.. I am also from future... SM sir recommended your channel to us to get help in cyber... Keep it up

shreyahalder