Webcast: Implementing Sysmon and Applocker

Click on the timecodes to jump to that part of the video (on YouTube)

Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_ImplementingSysmonAppLocker.pdf

5:03 Introduction, problem statement, and executive problem statement
8:19 What Sysmon is with a demo of how it works
24:54 Implementing Sysmon and how to have your computers automatically update and utilize Sysmon
29:05 Applocker, its uses, and a demonstration
46:12 AppLocker bypasses and security philosophy and implementing strategy
49:46 Q&A and Closing Thoughts

This webcast was originally recorded live on August 15th, 2019 with John Strand.

In almost every BHIS webcast we talk about how important application whitelisting and Sysmon are to a healthy security infrastructure. And yet, we have not done a single webcast on these two topics.

Let’s fix that.

In this webcast, we cover how to implement Sysmon and Applocker. We cover overall strategies for implementation and how to deploy them via Group Policy. 

We walk through a basic sample of malware and show how both of these technologies react to it. 

Finally, we cover a couple of different “bypass” techniques for each.  Everything in security has weaknesses, and these two technologies are no exception.