Detecting Command and Control Frameworks via Sysmon and Windows Event Logging
Prevention eventually fails. Bypassing tools such as Windows Defender Antivirus may be challenging, but it can be done. What then? What's left? Command and control (C2) frameworks such as Cobalt Strike, Sliver, and Metasploit typically leave telltale signs of their presence. This talk will largely be demo-based, showing how to analyze Windows event logs (including Sysmon logs) to hunt for traces left behind by modern C2 frameworks.
About the Speaker
Eric Conrad is a SANS Faculty Fellow and the course author of three popular SANS courses. He has over 28 years of information security experience, has created numerous tools, and co-authored the CISSP Study Guide. Eric is the Chief Technology Officer (CTO) of Backshore Communications, a company focusing on hunt teaming, intrusion detection, incident handling, and penetration testing. He is a graduate of the SANS Technology Institute with a Master of Science degree in Information Security Engineering and also holds various industry certifications, including the Certified Information Systems Security Professional (CISSP), GSE, GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC.
What is a command and control (C2) server?
Detecting the Sliver C2 Framework | Threat SnapShots
How Hackers Use netsh.exe For Persistence & Code Execution (Sliver C2)
The Command and Control (C2) Matrix
BlueHat v18 || Overt Command & Control: The Art of Blending In
What is command and control?
BG - Koadic C3 - Windows COM Command & Control Framework - Sean Dillon & Zach Harding
Introduction to the C2 Matrix - a Comparison of Command and Control Frameworks #C2Matrix
🔴 Command & Control (C2) Explained
Adversary Emulation and the C2 Matrix
DEF CON 24 - Brad Woodberg - Malware Command and Control Channels: A journey into darkness
MITRE 'Command and Control' explained under 1 minute
ZeekWeek 2022 - CatchM3ifuKan - Detecting Command-and-Control Techniques Up and Down the Stack
Command & Control (C2) Framework - SpyderC2 : Android Payload Generation
HAVOC C2 - Demon Bypasses Windows 11 Defender
C2 Matrix | SANS@MIC Talk
Introduction to Command and Control Servers | TryHackMe Red Team Track
Showcasing Sliver C2 (Command and Control) \\UserWare
Cyber Kill Chain Framework | Reconnaissance | Command and Control | Daniel Rawat
Detecting Cloud Command and Control By Dagmawi Mulugeta (2022)
SANS Webcast: Hacker Techniques - Covert Command and Control
Cyber Kill Chain - Command and Control
Command and Control Introduction | Day 18 (High-Level)