Detecting Command and Control Frameworks via Sysmon and Windows Event Logging

Video link: https://www.youtube.com/watch?v=x7xXEyTWgrs
Category: Vlog
Duration: 28:06

Prevention eventually fails. Bypassing tools such as Windows Defender Antivirus may be challenging, but it can be done. What then? What's left? Command and control (C2) frameworks such as Cobalt Strike, Sliver, and Metasploit typically leave telltale signs of their presence. This talk will largely be demo-based, showing how to analyze Windows event logs (including Sysmon logs) to hunt for traces left behind by modern C2 frameworks.

Learn more about Continuous Monitoring and Security Operations: https://www.sans.org/u/1vzW

About the Speaker
Eric Conrad is a SANS Faculty Fellow and the author of three popular SANS courses. He has over 28 years of information security experience, has created numerous tools, and co-authored the CISSP Study Guide. Eric is the Chief Technology Officer (CTO) of Backshore Communications, a company focusing on hunt teaming, intrusion detection, incident handling, and penetration testing. He is a graduate of the SANS Technology Institute with a Master of Science degree in Information Security Engineering and also holds various industry certifications, including the Certified Information Systems Security Professional (CISSP), GSE, GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC.

Tags:
cyber defense
cyber security
cyber defense training
cyber security training
cybersecurity
cybersecurity training
eric conrad
sans sec511
sec511 continuous monitoring and security operations
continuous monitoring
security operations
continuous monitoring cybersecurity
command and control frameworks
detecting command and control frameworks
sysmon
windows event logging
sysmon logs
sysmon log analysis
C2 frameworks
windows log analysis
windows logs