Explore abnormal behavior detection in large environments through this 50-minute conference talk from GrrCon 2016. Delve into defense strategies, attack patterns, and initial intrusion techniques. Learn about exploitation methods, including HTML attacks and PowerShell injection. Discover the use of invoke obfuscation, honey tokens, and Responder. Examine SCT files, persistence hooks, and service creations. Understand the importance of application whitelisting and various mitigation techniques. Gain insights into the concept of "Purple Time" and its relevance in cybersecurity.
Overview
Syllabus
Intro
Abnormal Behavior Detection
Defense
Understanding Attack Patterns
Initial Intrusion
Exploitation Methods
HTML Attack
PowerShell Injection
Invoke obfuscation
Honey tokens
Responder
SCT Files
Persistence hooks
Service creations
Application whitelisting
Mitigations
Purple Time
