Play all

Intro

What's happening on our endpoints?

Sysmon Visibility

Getting Started with Sysmon

Swift vs. SIG Sysmon Config

Transporting Logs with WEC

SIEM Integration

What kinds of badness can we detect?

Malicious Microsoft Word Macro Payload

Malicious PowerShell Execution

Rubber Ducky and Mouse Jacking Attacks

Sticky Keys Attack

Lateral Movement with WMI

Lateral Movement with PsExec

Lateral Movement with Sneaky PsExec

Dumping Credentials from Memory

Investigation with PowerShell & Excel

Malspam with Word Macro

Malspam SIEM Alert

Getting Sysmon Events via PowerShell

Adding Sysmon Fields to Events Properties

Interacting with Excel via PowerShell

Advanced Analytics with Spoor

How can you get started with Sysmon?

Description:

Learn how to enhance your Security Operations Center (SOC) using Sysmon in this conference talk from BSidesPhilly 2017. Explore endpoint visibility, Sysmon configuration, log transportation, and SIEM integration. Discover techniques for detecting various malicious activities, including Word macro payloads, PowerShell execution, physical attacks, lateral movement, and credential dumping. Gain insights into investigation methods using PowerShell and Excel, and learn about advanced analytics with Spoor. Get practical advice on implementing Sysmon to improve your organization's security posture.

Supercharge Your SOC with Sysmon

Add to list

#Conference Talks #Information Security (InfoSec) #Cybersecurity #Computer Science #Information Technology #PowerShell #Data Science #Data Analytics #Advanced Analytics