Sysmon: PowerShell Use Case 1

preview_player
Показать описание

  1. Jose Bravo
  2. Qradar
  3. Arcsight
  4. RSA
  5. Nitro
  6. LogRhythm
Рекомендации по теме
Sysmon: PowerShell Use 0:13:06

Sysmon: PowerShell Use Case 1

Sysmon: PowerShell Use 0:05:31

Sysmon: PowerShell Use Case 2

Understanding Sysmon & 0:57:52

Understanding Sysmon & Threat Hunting with A Cybersecurity Specialist & Incident Detection E...

How To Mine 0:04:53

How To Mine The Sysmon Event Log For File Hash Information Using PowerShell

Sysmon: PowerShell Use 0:08:30

Sysmon: PowerShell Use Case 3 Obfuscation

Sysmon Use Case 0:05:44

Sysmon Use Case 10 - Creating an Admin Account

Learning Sysmon - 0:11:45

Learning Sysmon - What is Sysmon? (Video 1)

Using Sysmon to 0:04:56

Using Sysmon to analyze a malware sample

PowerSIEM - Analyzing 0:25:03

PowerSIEM - Analyzing Sysmon Events with PowerShell - Dynamic Malware Analysis

Threat Hunting via 0:51:01

Threat Hunting via Sysmon - SANS Blue Team Summit

Sysmon for Linux 0:14:08

Sysmon for Linux PowerShell Module - SysmonLinux.Util

Sysmon Use Case 0:07:41

Sysmon Use Case 4 Bogus Windows Processes

Make a graph 0:01:14

Make a graph of sysmon process creation events

Sysmon Guides: psgumshoe 0:11:24

Sysmon Guides: psgumshoe

Learning Sysmon - 0:16:33

Learning Sysmon - Prioritizing Coverage (Video 14)

Sysmon and Wincollect 0:13:21

Sysmon and Wincollect Config in WIN10

Sysmon Guides: Process 0:14:51

Sysmon Guides: Process Tampering

Getting The Most 0:44:11

Getting The Most Out Of Sysmon

Sysmon Install 0:01:39

Sysmon Install

Forensic cases suited 0:09:08

Forensic cases suited for using PowerShell | Forensics Tutorial | eForensics

Hacks Weekly #7: 0:21:33

Hacks Weekly #7: Sysmon - how to set up, update and use?

Sysmon Use Case 0:05:44

Sysmon Use Case 5 Nasty Injection & Encoded Attacks

Learning Sysmon - 0:13:29

Learning Sysmon - Tracking When Drivers Are Loaded (Video 9)

Sysmon Use Case 0:05:32

Sysmon Use Case 6 - Detecting Other Libraries

Комментарии
Автор

Hi, thanks for the video.
I have a doubt with sysmon. What types of events can be sent to qradar via sysmon?
Would it be possible to send for example logins events?

Thanks in advice for your help.

danielmorenogonzalez
Автор

Hi, first thanks for the video. but in my opinion all the monitoring related to Powershell should be done with the Powershell logging option. if you enable and read those logs (also written into event log) you won't have concerns about code obfuscation and stuff like that, because you will get the raw code that PowerShell engine ran

ilyasamarov
Автор

Hi Jose, what do you mean by "carrots" ? Do you mean characters?

HexNebula