Tracing Adversaries - Detecting Attacks with ETW

via YouTube

Overview

Explore advanced techniques for detecting and tracing adversarial activities using Event Tracing for Windows (ETW) in this informative conference talk from Derbycon 7. Delve into practical demonstrations covering process and thread monitoring, PowerShell command tracking, script block capturing, domain lookup analysis, child process detection, file I/O monitoring, and thread tracking. Gain valuable insights into enhancing your cybersecurity defenses and improving your ability to identify and respond to potential threats in Windows environments.

Syllabus

Intro
Demo
Process Thread
PowerShell Commands
Capturing Script Blocks
Domain Lookup
Child Processes
File IO
Thread Tracking
