Sysmon

Author, How-To, Informational, InfoSec 101, Jordan Drysdale Jordan Drysdale, Sysmon

A Sysmon Event ID Breakdown – Updated to Include 26, 27 and 28!!

Jordan Drysdale // UPDATES! December 22, 2022 So – there have been some changes to Sysmon and this blog needed polishing. The latest Event IDs and descriptions are now included for […]

Read the entire post here

00427_01072020_WebcastLetsTalkAboutElkBaby

Author, Blue Team, Blue Team Tools, How-To, Informational, Jordan Drysdale, Kent Ickler, Podcasts, Webcasts Active Directory, applocker, Atomic Red Team, ATT&CK, ELK, Group Policies, Jordan Drysdale, Kent Ickler, Sysmon, Windows logging, Winlogbeat

Webcast: Let’s Talk About ELK Baby, Let’s Talk About You and AD

BHIS’ Defensery Driven Duo Delivers Another Delectable Transmission! We know you are worried about your networks. After hours of discussion, we’ve come to the realization that some of our dedicated […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here

00419_11262019_WEBCAST_GroupPoliciesKillKillChains

Author, Blue Team, Informational, Jordan Drysdale, Kent Ickler, Webcasts Best Practices, CMD, Group Policies, honey accounts, Jordan Drysdale, Kent Ickler, Kerberos, LAPS, LLMNR, Local Admin Controls, Logging, PowerShell, SMB Message Signing, Sysmon

Webcast: Group Policies That Kill Kill Chains

On this webcast, we’ll guide you through an iterative process of building and deploying effective and practical Group Policy Objects (GPOs) that increase security posture. Slides for this webcast can […]

Read the entire post here

Author, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, John Strand ADHD, john strand, Logging, Malware, Sysmon

Getting Started With Sysmon

John Strand // In this blog, I want to walk through how we can set up Sysmon to easily get improved logging over what we get from normal (and just […]

Read the entire post here

00404_09042019_WEBCAST_WindowsloggingsysmonELK (1)

Author, How-To, Informational, John Strand, Webcasts elasticsearch, ELK, HELK, john strand, kibana, Logstash, Sysmon, Windows, Windows logging, Winlogbeat

Webcast: Windows logging, Sysmon, and ELK

Click on the timecodes to jump to that part of the video (on YouTube) Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_WindowsLogginSysmonELK.pdf 4:36 Problem Statement and Executive Problem Statement 9:00 […]

Read the entire post here

00402_08302019_WEBCAST_ImplementingSysmon

Author, How-To, Informational, John Strand, Red Team Tools, Webcasts applocker, Bypassing, Group Policies, group policy, john strand, Logging, Malware, Sysmon, whitelisting, Windows

Webcast: Implementing Sysmon and Applocker

Click on the timecodes to jump to that part of the video (on YouTube) Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_ImplementingSysmonAppLocker.pdf 5:03 Introduction, problem statement, and executive problem […]

Read the entire post here

Author, Blue Team, How-To, Jordan Drysdale, Kent Ickler, Webcasts Active Directory, AD, AWS, Best Practices, Blue Team, Defender, Federation Services, Firewall, Group Policies, Groups, Infrastructure, Job Functional Roles, Jordan Drysdale, Jugular, Kent Ickler, LAPS, LLMNR, LSDOU, Naming Conventions, security, Sysmon, webcast, webcasts, whitelisting

Active Directory Best Practices to Frustrate Attackers: Webcast & Write-up

Kent Ickler & Jordan Drysdale // BHIS Webcast and Podcast This post accompanies BHIS’s webcast recorded on August 7, 2018, Active Directory Best Practices to Frustrate Attackers, which you can view below. […]

Read the entire post here

00213_07102017_EndpointMonitoringShoestringBudget

Author, Blue Team, Blue Team Tools, Derek Banks, Joff Thyer, Webcasts Breadcrumb Trails, elasticsearch, Endpoint Monitoring, kibana, Logstash, Monitoring, NXlog, Sysmon

How To Do Endpoint Monitoring on a Shoestring Budget – Webcast Write-Up

Joff Thyer & Derek Banks // Editor’s Note: This is a more in-depth write-up based on the webcast which can be watched here. As penetration testers, we often find ourselves […]

Read the entire post here