Identity Info in NTFS EA and ADSs using RSA NetWitness Platform

preview_player
Показать описание
Learn how to use RSA NetWitness Platform to identify information in NTFS Extended Attributes (EA) and Data [known as 'alternate data streams (ADSs) when more than one data attribute is present], that can be used to store arbitrary data (and even complete files).
This maps to Mitre ATT&CK ID T1096.
Demonstration is shown using RSA NetWitness Platform v11.4.0.1.

  1. RSA
  2. RSA
  3. RSA NetWitness
  4. NTFS
  5. Threat Detection
  6. Threat Monitoring
Рекомендации по теме
Identity Info in 0:09:53

Identity Info in NTFS EA and ADSs using RSA NetWitness Platform

Everything You Need 0:11:13

Everything You Need to Know About Windows Folder Permissions

OSIsoft: Set the 0:04:43

OSIsoft: Set the AF objects security, and database and collections security. v2010

MCITP 70-640: Special 0:12:12

MCITP 70-640: Special Identities

NTFS Permissions and 0:09:14

NTFS Permissions and RBAC for a Teams Use Case

To Automate or 0:29:37

To Automate or Not To Automate: That is the Incident Response Question

Monitor Remote File 0:07:50

Monitor Remote File Copies with RSA NetWitness Platform

[FIX] Access Denied 0:01:40

[FIX] Access Denied When Opening Bitlocker Encrypted Drive

OPS104 Securing SMB 1:26:54

OPS104 Securing SMB from within and without

Ubuntu: Access to 0:01:32

Ubuntu: Access to NTFS partition WITH authentication

Preventing Ad-Hoc Folder 0:02:56

Preventing Ad-Hoc Folder Creation and Credential Sharing | JumpCloud Webinar Clips {2022}

Identity and Access 0:51:22

Identity and Access Management Security Checklist for 2020

Files With Double 0:10:49

Files With Double Lives (NTFS File Streams)

Apple: Tuxera NTFS 0:02:35

Apple: Tuxera NTFS and High Sierra (2 Solutions!!)

How to Hide 1:16:53

How to Hide Unsuspected Data in Files

Gain Credential Dumping 0:07:07

Gain Credential Dumping Visibility Using RSA NetWitness Platform

Foundations of Cybersecurity 0:13:18

Foundations of Cybersecurity 4-7: Access Control

InfoSafe - Information 0:12:09

InfoSafe - Information Security and Fraud Protection - Part 1

Window Security Commands: 0:00:38

Window Security Commands: Lock, Restart, Shut Down, & Erase Windows Devices Remotely

Encrypt contents to 0:04:10

Encrypt contents to secure data greyed out in Windows - Fixed

Detect Rundll32 with 0:11:15

Detect Rundll32 with RSA NetWitness Platform

User Access Control, 0:05:59

User Access Control, Passwords and MFA

File Integrity Monitoring 0:05:43

File Integrity Monitoring for Mainframes - A Primer // Maintegrity Mainframe Security

The Biggest Problem 0:05:01

The Biggest Problem With SteamOS and the Steam Deck - Anyone Can Read the Files!