Overview
Explore a comprehensive conference talk from DefCamp 2019 focusing on Windows-based exploit chains and their detection mechanisms. Delve into topics such as single vulnerability exploitation, lateral movement detection, security priorities, and advanced analysis techniques including machine learning and natural language processing. Learn about major processes, algorithms, and event logs crucial for identifying and mitigating threats. Gain insights from real-world examples like the Japan Shot exploit and PowerPoint vulnerabilities. Discover how cybersecurity exercises and cutting-edge research contribute to improving defense strategies against sophisticated attacks on Windows systems.
Syllabus
Intro
About the speaker
What is their exploitation
Single vulnerability exploitation
Exploit a change
Japan Shot
Detecting Lateral Movement
Security Priorities
Event Log
Major Processes
Algorithm
Process Information
Event Logs
PowerPoint Exploit
Image Log Analysis
Machine Learning
Natural Language Processing
Results
Publications
Cybersecurity Exercise
Questions
Taught by
DefCamp