Author, Blue Team, Blue Team Tools, Informational, John Strand, Red Team, Webcasts Attack Tactics, Blue Team, DeepBlueCLI, DFIR, Incident Response, john strand, log analysis

Webcast: Attack Tactics 7 – The Logs You Are Looking For

Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_AttackTactics7LogsYouAreLookingFor.pdf

So we went through an attack in the BHIS Webcast, “Attack Tactics 5! Zero to Hero Attack.” Then we went through the defenses in a follow-up webcast, “Attack Tactics 6! Return of the Blue Team,” and now we need to have a talk about logs.

Here is the deal, most of the default logging settings for IIS, Exchange, Active Directory and the workstations would have missed the entire attack.

So, let’s fix that.

In this webcast, we will be walking through some configuration changes required in order to detect attacks. We will also show you exactly what those logs will produce when configured properly.

Finally, we show you tools like LogonTracer, DeepBlueCLI, and some cool basic PowerShell to pull out important information from these logs.

Bonus video: Eric Conrad introducing DeepBlueCLI v2

Ready to learn more?

Level up your skills with affordable classes from Antisyphon!

Pay-What-You-Can Training

Available live/virtual and on-demand