Busting Red Team Trends with Style - Building a Custom ETW-Based Sysmon Replacement

x33fcon via YouTube

Overview

Explore a 33-minute conference talk from x33fcon that covers the development of a custom ETW-based Sysmon replacement designed to fingerprint threat actors and red team techniques. Learn about its enhanced capabilities for monitoring (in)direct syscalls, sleepmasks, module proxying, and callstack spoofing. Discover how this custom solution maintains Sysmon compatibility while providing enriched event information and additional telemetry for more effective threat hunting. Understand the architecture used for collecting and correlating events from various ETW providers at scale, including insights into RPC, callstack, and syscall monitoring. Gain knowledge about identifying new IOCs generated by popular offensive tooling techniques, and learn from the development challenges and solutions encountered during the project's implementation.

Syllabus

6. Sebastian Feldmann and Philipp Schmied: Busting Redteam Trends with Style - Lessons Learned

Taught by

x33fcon
