Building a Canarytoken to Monitor Windows Process Execution - Track 2

HackMiami via YouTube

Overview

Explore the creation of a new Canarytoken type designed to monitor Windows process execution in this 35-minute conference talk from HackMiami. Learn how to set up quick alerts for specific Windows file executions, providing an early warning system for potential security threats. Discover how this open-source tool can be used to create tripwires that alert on attacker actions, such as running sensitive commands like wmic.exe, qwinsta.exe, or bitsadmin.exe on critical systems and endpoints. Delve into the research behind this new Canarytoken, covering topics from Windows internals to encoding alerts over DNS channels. Gain insights on how these classical offensive techniques can be leveraged to strengthen your defensive strategies, offering rapid tipoffs when something is amiss or unauthorized commands are executed.

Syllabus

Track 2 03 Building A Canarytoken To Monitor Windows Process Execution

Taught by

HackMiami
