Completed
Malicious PowerShell
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Hidden Treasure - Detecting Intrusions with ETW
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 ETW to the rescue
- 3 ETW visibility
- 4 ETW overview
- 5 What does an event look like?
- 6 How do you capture ETW events?
- 7 Real-time ETW solutions
- 8 krabset DNS lookup example
- 9 krabsetw PowerShell DLL load example
- 10 krabsetw PowerShell method example
- 11 krabsetw thread injection example
- 12 Forensic wishlist, revisited
- 13 Process Start
- 14 PowerShell DLL Loaded
- 15 Obfuscated PowerShell
- 16 Data Exfiltration
- 17 Malicious PowerShell
- 18 Remote Thread Injection
- 19 Event overload!
- 20 Reducing event volume
- 21 Types of signals
- 22 Techniques applied
- 23 Performance & Reliability
- 24 Tampering
- 25 How does the Red team do?
- 26 How can you use ETW in your environment?
- 27 What's next?
- 28 Questions?
