Here are my slides from my SANS Webcast Introducing DeepBlueCLI v3.
DeepBlueCLI is available here.
Thursday, June 29, 2023
Sunday, June 11, 2023
Leave Only Footprints: When Prevention Fails
Here are links and EVTX files from my SANS Blue Team Summit keynote Leave Only Footprints: When Prevention Fails.
- Here are my slides
- Here are the EVTX files
- Sysmon
- The Rise of C2 Frameworks
- Most Popular C2 Frameworks – May 2023
- Busting the Ghost in the Logs - Randy Pargman & Jean-Francois Maes
- Tracking Malware with Import Hashing
- Impacket
- Hydra
- Metasploit
- Sliver
- Enabling logging of failed logons on Windows
Here are a few Powershell commands to parse the logs (also check out DeepBlueCLI):
- Any command referencing ADMIN$:
- Get-WinEvent @{Path="metasploit-sysmon.evtx";id=1} | Where {$_.Message -like "*ADMIN$*"} | fl
- Any command referencing both cmd.exe and wmiprvse.exe:
- Get-WinEvent @{Path="metasploit-sysmon.evtx";id=1} | Where {$_.Message -like "*cmd.exe*" –and $_.Message -like "*wmiprvse*"} | fl
- Create Remote Thread (Hashdump and process migration):
- Get-WinEvent @{Path="metasploit-sysmon.evtx";id=8} | fl
Thursday, January 12, 2023
Blind Data Exfiltration Using DNS and Burp Collaborator
Here's a copy of my slides for my SANS webcast Blind Data Exfiltration Using DNS and Burp Collaborator:
Blind Data Exfiltration Using DNS and Burp Collaborator
Here are the links:
- Link to the webcast (this will link to the webcast archive afterward)
- DNS-Exfiltrate Github site
- DNS Query Length... Because Size Does Matter
Thursday, April 07, 2022
Here's a list of links from my AtlSecCon 2022 talk Information Security for the Long Haul: Building a Career That Lasts.
- Link to my talk
- Cliff Stoll makes Klein Bottles
- Cliff Stoll on Numberphile
- Stuck by Amy Reardon
- $300 in Google Compute Credits
- Free Google Compute Training
- Free AWS Training
- Free Azure Training
- East Coast Infosec Podcast We All Have Our Masters Degree!" with Eric Conrad
- Toastmasters
- Sears-Halifax Toastmasters Club
- Schooner Toastmasters Halifax
- Creatively Speaking Toastmasters Halifax
Wednesday, August 19, 2020
Decrypt all the Things: How Encryption is Impacting Network-Based Security Controls
Here's a copy of my SANS @Mic webcast slides: Decrypt all the Things: How Encryption is Impacting Network-Based Security Controls
Wednesday, June 24, 2020
Threat Hunting via DNS
My SANS @Mic talk Threat Hunting via DNS
Here are the links:
- DNS New World Order: QuadX! DoH! DoT! Da Fuq?
- Paul Vixie on DoH
- Firefox continues push to bring DNS over HTTPS by default for US users
- Firefox to enable DNS-over-HTTPS by default to US users
- Firefox HTTP logging
- Tutorial to setup your own DNS-over-HTTPS (DoH) server
- DNS-over-HTTPS with Pi-Hole
- https://github.com/MarkBaggett/domain_stats
- https://www.arin.net/resources/registry/whois/rdap/
Monday, June 08, 2020
CISSP Cram Session
Here are the slides for my CISSP Cram Session webcast.
The webcast is available here: http://sans.org/u/140g
The webcast is available here: http://sans.org/u/140g
Subscribe to:
Posts (Atom)