Hidden Treasure - Detecting Intrusions with ETW

Hidden Treasure - Detecting Intrusions with ETW

via YouTube Direct link

What does an event look like?

5 of 28

5 of 28

What does an event look like?

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Hidden Treasure - Detecting Intrusions with ETW

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 ETW to the rescue
  3. 3 ETW visibility
  4. 4 ETW overview
  5. 5 What does an event look like?
  6. 6 How do you capture ETW events?
  7. 7 Real-time ETW solutions
  8. 8 krabsetw DNS lookup example
  9. 9 krabsetw PowerShell DLL load example
  10. 10 krabsetw PowerShell command example
  11. 11 krabsetw thread injection example
  12. 12 Forensic wishlist, revisited
  13. 13 Process Start
  14. 14 PowerShell DLL Loaded
  15. 15 Obfuscated PowerShell
  16. 16 Data Exfiltration
  17. 17 Malicious PowerShell
  18. 18 Remote Thread Injection
  19. 19 Event overload!
  20. 20 Reducing event volume
  21. 21 Types of signals
  22. 22 Techniques applied
  23. 23 Performance & Reliability
  24. 24 Tampering
  25. 25 How does the Red team do?
  26. 26 How can you use ETW in your environment?
  27. 27 What's next?
  28. 28 Questions?

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.