Play all

Intro

Motivations for "Living off the Land"

Case for PS Remoting (WinRM)

PowerShell Remoting

WMI-based Data Collection

CimSweep - Introduction

Intrusion Detection

WMI Event Basics - Events

WMI Query Language via PowerShell

Uproot - Introduction

ETW Introduction

ETW Terminology

Common ETW Usage

ETW for Incident Response

ETW Capture Scenario

Investigation

PowerForensics - Introduction

Taking Ideas from the Bad Guys

Device Guard - Introduction

Device Guard vs. AppLocker

Device Guard Monitoring

Device Guard Bypass Strategies

Device Guard Bypass Mitigations

Description:

Explore a comprehensive conference talk on minimalist Windows defense strategies and "Living off the Land" techniques. Delve into PowerShell Remoting, WMI-based data collection, and intrusion detection using WMI events. Learn about ETW (Event Tracing for Windows) for incident response, and discover PowerForensics for digital investigations. Examine Device Guard, comparing it to AppLocker, and understand potential bypass strategies and mitigations. Gain insights from both defensive and offensive perspectives to enhance your Windows security knowledge.

Living Off the Land 2 - A Minimalist's Guide to Windows Defense

Add to list

#Conference Talks #Information Security (InfoSec) #Cybersecurity #Incident Response #Intrusion Detection

0:00 / 0:00