Thursday, May 09, 2019
Threat Hunting via Windows Event Logs
Here's a copy of my SANS Security West keynote Threat Hunting via Windows Event Logs
Wednesday, April 24, 2019
Here's a copy of my Atlantic Security Conference talk: Build it Once, Build it Right: Architecting for Detection
Thursday, December 13, 2018
Tuesday, December 04, 2018
Build it Once, Build it Right: Architecting for Detection
Here's a copy of my Tactical Detection & Data Analytics Summit & Training 2018 keynote: Build it Once, Build it Right
Monday, April 23, 2018
SANS Blue Team Summit
Here is a copy of my SANS Blue Team Summit talk Threat Hunting via Windows Event Logs
Tuesday, April 03, 2018
Friday, September 22, 2017
DerbyCon 7: DeepBlueCLIv2 Talk and links
Here's a link to my DerbyCon 7 talk: Introducing DeepBlueCLI v2, Now Available in PowerShell and Python
Viedo of my talk (thank you: Adrian Crenshaw): http://www.irongeek.com/i.php?page=videos/derbycon7/t205-introducing-deepbluecli-v2-now-available-in-powershell-and-python-eric-conrad
Last year's talk: http://www.ericconrad.com/2016/09/deepbluecli-powershell-module-for-hunt.html
References:
Viedo of my talk (thank you: Adrian Crenshaw): http://www.irongeek.com/i.php?page=videos/derbycon7/t205-introducing-deepbluecli-v2-now-available-in-powershell-and-python-eric-conrad
DeepBlueCLI GitHub site: https://github.com/sans-blue-team/DeepBlueCLI
Last year's talk: http://www.ericconrad.com/2016/09/deepbluecli-powershell-module-for-hunt.html
References:
- Deconstructing Petya: how it spreads and how to fight back, https://nakedsecurity.sophos.com/2017/06/28/deconstructing-petya-how-it-spreads-and-how-to-fight-back/
- Mandiant M-Trends 2015, https://www2.fireeye.com/rs/fireye/images/rpt-m-trends-2015.pdf
- Command Line Kung Fu Episode #31: Remote Command Execution, http://blog.commandlinekungfu.com/2009/05/episode-31-remote-command-execution.html
- https://github.com/jaredhaight/PSAttack
- https://github.com/darkoperator/Posh-VirusTotal
- https://www.virustotal.com/en/documentation/public-api/
- http://blog.securityonion.net/2017/09/elastic-stack-alpha-release-and.html
- https://github.com/philhagen/sof-elk
- https://nxlog.co/products/nxlog-enterprise-edition
- https://github.com/williballenthin/python-evtx
- https://github.com/libyal/libevtx
Subscribe to:
Posts (Atom)