Threat Hunting via DeepBlueCLI v3

Video link: https://www.youtube.com/watch?v=6sMluvfLsI8
Published on: 2023-07-14
Duration: 59:16


Every incident ends with a lessons-learned meeting, and most executive summaries include this bullet point: "Leverage the tools you already paid for."

Are you leveraging the tools you already paid for? Are you using the host-based firewall to block or alert when applications like PowerShell, PsExec, and WMIC attempt to make outbound connections from non-IT clients? Have you enabled AppLocker?

DeepBlueCLI v3 will go toe-to-toe with the latest attacks, analyzing the evidence malware leaves behind, using built-in capabilities such as Windows command line auditing, PowerShell logging, and Sysmon logging. This talk will focus on the latest updates to DeepBlueCLI, including detecting Impacket and WMI-based attacks, C2 frameworks such as Sliver, password spraying, process injection, event log manipulation, and more.
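The two questions the abstract raises (outbound firewall rules for PowerShell, PsExec and WMIC, and turning on the logging that DeepBlueCLI analyzes) map to a short PowerShell procedure. The following is an added example, not code from the talk or from the DeepBlueCLI project; the PsExec install path, the DeepBlueCLI checkout path and the sample .evtx file name are assumptions, and the cmdlets, auditpol subcategories and registry values are the standard Windows ones.

```powershell
# Added example (not from the talk or the DeepBlueCLI project): egress rules for
# PowerShell/PsExec/WMIC, the audit settings DeepBlueCLI consumes, and a run.
# Run in an elevated session. Paths marked "assumption" are not real defaults.

#Requires -RunAsAdministrator

# 1. Host-based firewall: block (and log) outbound connections from PowerShell,
#    PsExec and WMIC. Scope this to non-IT clients (e.g. a GPO filtered by OU);
#    admin workstations that legitimately use PsExec/WMIC need an exception.
$systemRoot = $env:SystemRoot
$blockedPrograms = @{
    'Block outbound - PowerShell (64-bit)' = "$systemRoot\System32\WindowsPowerShell\v1.0\powershell.exe"
    'Block outbound - PowerShell (32-bit)' = "$systemRoot\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
    'Block outbound - WMIC'                = "$systemRoot\System32\wbem\WMIC.exe"
    # PsExec is a Sysinternals tool, not a Windows component; this path is an assumption.
    'Block outbound - PsExec'              = 'C:\Tools\Sysinternals\PsExec.exe'
}

foreach ($rule in $blockedPrograms.GetEnumerator()) {
    # Idempotent: skip rules that already exist so re-running does not duplicate them.
    if (-not (Get-NetFirewallRule -DisplayName $rule.Key -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $rule.Key `
                            -Direction Outbound `
                            -Program $rule.Value `
                            -Action Block `
                            -Profile Any `
                            -Enabled True | Out-Null
    }
}

# Make a blocked beacon visible: write drops to pfirewall.log and raise
# Security event 5157 (Filtering Platform blocked a connection).
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True `
    -LogFileName "$systemRoot\System32\LogFiles\Firewall\pfirewall.log"
auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable | Out-Null

# 2. Turn on the evidence DeepBlueCLI analyzes: process creation (event 4688)
#    including the full command line, and PowerShell script block logging (4104).
auditpol /set /subcategory:"Process Creation" /success:enable | Out-Null
$auditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
New-Item -Path $auditKey -Force | Out-Null
Set-ItemProperty -Path $auditKey -Name ProcessCreationIncludeCmdLine_Enabled -Type DWord -Value 1

$sblKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
New-Item -Path $sblKey -Force | Out-Null
Set-ItemProperty -Path $sblKey -Name EnableScriptBlockLogging -Type DWord -Value 1

# 3. Check that each rule is bound to the intended binary, not just named well.
Get-NetFirewallRule -DisplayName 'Block outbound - *' |
    Get-NetFirewallApplicationFilter |
    Select-Object -ExpandProperty Program

# 4. Hunt with DeepBlueCLI: the local Security log first, then a saved .evtx
#    exported from another host. Checkout path and .evtx name are assumptions.
Set-Location 'C:\Tools\DeepBlueCLI'
.\DeepBlue.ps1 -log security
.\DeepBlue.ps1 'C:\Cases\host01-security.evtx'
```

The firewall rules match on the executable path, so a copy of powershell.exe renamed and moved elsewhere is not blocked; that gap is what AppLocker (or WDAC) closes, and the 4688 command-line audit enabled in step 2 is what lets DeepBlueCLI see the renamed copy being launched.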

Learn more about Eric's course SEC511 Continuous Monitoring and Security Operations: https://www.sans.org/u/1rq7

About the Speaker
Eric Conrad is a SANS Faculty Fellow and the author of three popular SANS courses. He has over 28 years of information security experience, has created numerous tools, and co-authored the CISSP Study Guide. Eric is the Chief Technology Officer (CTO) of Backshore Communications, a company focusing on hunt teaming, intrusion detection, incident handling, and penetration testing. He is a graduate of the SANS Technology Institute with a Master of Science degree in Information Security Engineering and also holds various industry certifications, including the Certified Information Systems Security Professional (CISSP), GSE, GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC.




Other Videos By SANS Cyber Defense


2023-07-28  Blueprint Live - 11 Strategies of a World-Class Cybersecurity Operations Center
2023-07-28  Cloudy with a Chance of Breaches: OSINT Adventures in Tracing Exposed Credentials
2023-07-28  Hunting OneNote Malware: A Practical Guide for Blue Teams
2023-07-28  BlueHound: Blue Teams of the World Unite!
2023-07-28  The Cyber Pilfer Chain: detecting and disrupting post-exploitation data theft
2023-07-28  Keynote | How to Save Your SOC from Stagnation
2023-07-28  Keynote | Leave Only Footprints: When Prevention Fails
2023-07-28  Blurple Teaming: Open Source Continuous Security Testing in the SOC
2023-07-18  Strategies of a World-Class SOC | Host: John Hubbard | July 18, 2023
2023-07-17  Strategy 11: Turn up the Volume by Expanding SOC Functionality
2023-07-14  Threat Hunting via DeepBlueCLI v3
2023-07-10  Strategy 10: Measure Performance to Improve Performance | SANS Blueprint Podcast
2023-07-03  Strategy 9: Communicate Clearly, Collaborate Often, Share Generously | SANS Blueprint Podcast
2023-06-26  Strategy 8: Leverage Tools and Support Analyst Workflow | SANS Blueprint Podcast
2023-06-19  Strategy 7: Select and Collect the Right Data | SANS Blueprint Podcast
2023-06-15  Blueprint Live at the SANS Blue Team Summit 2023 [SPECIAL EPISODE]
2023-06-14  Strategy 6: Illuminate Adversaries with Cyber Threat Intelligence | SANS Blueprint Podcast
2023-06-13  The Dark Knight of OSINT, Matt Edmondson | Host: Rob Lee | June 13, 2023
2023-06-05  Strategy 5: Prioritize Incident Response | SANS Blueprint Podcast
2023-05-31  Join us for the SANS Blue Team Summit 2023 - June 12-13!
2023-05-30  Why YOU Should Attend SANS Blue Team Summit 2023



Tags:
cyber defense
cyber security
cyber defense training
cyber security training
cybersecurity
cybersecurity training
threat hunting
eric conrad
deepbluecli
threat hunting tool
powershell
powershell module
eric conrad cybersecurity
eric conrad cyber defense
threat hunting tools
windows command line
sysmon logging