Unconventional Logging and Detection - SANS Tactical Detection Summit 2018

Video Link: https://www.youtube.com/watch?v=qXYG3uf3b8s


SIEM Summit 2019 Agenda: http://www.sans.org/u/UIC

Presenter:
Justin Henderson, SANS Institute

Log collection and detection go hand in hand, yet both are difficult. Are you allowed to deploy a log agent or not? Can you change system settings to generate the logs you need? The problem is that the answer may be no to both questions. Even if the answer is yes, some detection capabilities cannot be achieved with standard logging and collection.

All is not lost. Windows, Linux, Unix, and Mac systems all have unconventional methods of log collection and detection that augment standard processes. This talk focuses on using alternative methods such as PowerShell, Python, or built-in binaries to generate custom logs and covers multiple use cases showing which detection techniques those logs enable. Example: ARP cache poisoned? How about a detection technique that produces zero logs until it happens and then generates the record and ships it directly to your platform of choice.
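As an added illustration of the ARP cache example (not code from the talk or from SANS), the script below parses the output of the built-in `arp -a` binary, compares watched hosts against a known-good MAC baseline, and emits a JSON record over UDP only when a mismatch appears. The baseline, the collector address, and the sample ARP output are all constructed for the example.

```python
import json
import re
import socket
import subprocess
from datetime import datetime, timezone

# Matches one entry of `arp -a` output on Linux/macOS ("? (10.0.0.1) at aa:bb:... [ether] on eth0")
# and on Windows ("  10.0.0.1    aa-bb-cc-dd-ee-ff    dynamic"); header and <incomplete> lines do not match.
ARP_LINE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\D+?([0-9a-fA-F]{2}(?:[:-][0-9a-fA-F]{2}){5})")

# Known-good MACs for the hosts worth guarding (gateway, DNS). Hypothetical baseline:
# in practice, record these during a trusted window and store them outside the host.
BASELINE = {"10.0.0.1": "aa:bb:cc:00:00:01", "10.0.0.53": "aa:bb:cc:00:00:53"}

# Constructed `arp -a` output (Linux format) in which the gateway's MAC has changed.
SAMPLE_ARP = """\
? (10.0.0.1) at de:ad:be:ef:00:01 [ether] on eth0
? (10.0.0.53) at aa:bb:cc:00:00:53 [ether] on eth0
? (10.0.0.77) at aa:bb:cc:00:00:77 [ether] on eth0
"""

def parse_arp_table(text):
    """Return {ip: mac} with MACs normalised to lowercase, colon-separated form."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group(1)] = m.group(2).lower().replace("-", ":")
    return table

def check_baseline(table, baseline):
    """Return one event per watched IP whose observed MAC differs from the baseline.
    An empty list means no log record is produced at all (zero logs until it happens)."""
    events = []
    for ip, expected in baseline.items():
        observed = table.get(ip)
        if observed is not None and observed != expected:
            events.append({"timestamp": datetime.now(timezone.utc).isoformat(),
                           "event": "arp_cache_mac_mismatch", "ip": ip,
                           "expected_mac": expected, "observed_mac": observed})
    return events

def ship(events, host="127.0.0.1", port=5140):
    """Send each event as a JSON line over UDP to a log collector (hypothetical address)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for ev in events:
            sock.sendto(json.dumps(ev).encode(), (host, port))

if __name__ == "__main__":
    output = subprocess.run(["arp", "-a"], capture_output=True, text=True).stdout
    ship(check_baseline(parse_arp_table(output), BASELINE))
```

Run it from a scheduled task or cron job; the collector receiving port 5140 would be your SIEM's JSON/UDP input.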
