Incident Response with Splunk 3: Investigating Windows & Powershell Anomalies
Feb. 10, 2024, 4:11 a.m. | CYBERWOX
CYBERWOX www.youtube.com
00:00 Intro
05:32 Bringing Tadi on & more greetings
10:26 Whose background looks nicer?
16:18 Thank you!
17:10 Why Splunk? (Depth & Breadth of Knowledge)
19:15 The Challenge
23:13 Orienting ourselves on the data
25:25 Backdoor user investigation
29:07 Registry modification activity
52:35 Investigating the impersonated user
54:05 Remote backdoor activity
58:59 Gemini, Bard & Copilot
01:00:59 Logins from backdoor user
01:30:40 I DIDN'T TRY ZERO
01:32:50 The compromised host
01:33:44 Powershell execution
01:48:50 Encoded PowerShell script
02:04:29 Outro …