Video of my talk (thank you: Adrian Crenshaw): http://www.irongeek.com/i.php?page=videos/derbycon7/t205-introducing-deepbluecli-v2-now-available-in-powershell-and-python-eric-conrad
DeepBlueCLI GitHub site: https://github.com/sans-blue-team/DeepBlueCLI
Last year's talk: http://www.ericconrad.com/2016/09/deepbluecli-powershell-module-for-hunt.html
References:
- Deconstructing Petya: how it spreads and how to fight back, https://nakedsecurity.sophos.com/2017/06/28/deconstructing-petya-how-it-spreads-and-how-to-fight-back/
- Mandiant M-Trends 2015, https://www2.fireeye.com/rs/fireye/images/rpt-m-trends-2015.pdf
- Command Line Kung Fu Episode #31: Remote Command Execution, http://blog.commandlinekungfu.com/2009/05/episode-31-remote-command-execution.html
- PSAttack (Jared Haight), https://github.com/jaredhaight/PSAttack
- Posh-VirusTotal (Carlos Perez), https://github.com/darkoperator/Posh-VirusTotal
- VirusTotal public API documentation, https://www.virustotal.com/en/documentation/public-api/
- Security Onion blog: Elastic Stack alpha release, http://blog.securityonion.net/2017/09/elastic-stack-alpha-release-and.html
- SOF-ELK (Phil Hagen), https://github.com/philhagen/sof-elk
- NXLog Enterprise Edition, https://nxlog.co/products/nxlog-enterprise-edition
- python-evtx (Willi Ballenthin), https://github.com/williballenthin/python-evtx
- libevtx, https://github.com/libyal/libevtx