Reverse Analyzing Attacks for Detection, Justin Henderson Paul's Security Weekly #519

Jun 25, 2017 · 36 min

Episode description

Learn how to use Windows Event Logs to catch attackers in your network, including domain admin group enumeration and mimikatz attacks! Justin Henderson (@SecurityMapper) categorizes these techniques as "reverse attack analysis for detection" and shows us how to do it in this technical segment! References to Mark Baggett's work on freq.py are made as well (https://isc.sans.edu/forums/diary/Detecting+Random+Finding+Algorithmically+chosen+DNS+names+DGA/19893/)

Full Show Notes: https://wiki.securityweekly.com/Episode519

Security Weekly Web Site: http://securityweekly.com

Follow us on Twitter: @securityweekly