1. Intro
2. Abnormal Behavior Detection
3. Defense
4. Understanding Attack Patterns
5. Initial Intrusion
6. Exploitation Methods
7. HTML Attack
8. PowerShell Injection
9. Invoke obfuscation
10. Honey tokens
11. Responder
12. SCT Files
13. Persistence hooks
14. Service creations
15. Application whitelisting
16. Mitigations
17. Purple Time
Description:
Explore abnormal behavior detection in large environments through this 50-minute conference talk from GrrCon 2016. Delve into defense strategies, attack patterns, and initial intrusion techniques. Learn about exploitation methods, including HTML attacks and PowerShell injection. Discover the use of invoke obfuscation, honey tokens, and Responder. Examine SCT files, persistence hooks, and service creations. Understand the importance of application whitelisting and various mitigation techniques. Gain insights into the concept of "Purple Time" and its relevance in cybersecurity.

Abnormal Behavior Detection in Large Environments
