Incident Response with Splunk 3: Investigating Windows & Powershell Anomalies
Feb. 10, 2024, 4:11 a.m. | CYBERWOX
Day Cyberwox www.youtube.com
00:00 Intro
05:32 Bringing Tadi on & more greetings
10:26 Whose background looks nicer?
16:18 Thank you!
17:10 Why Splunk? (Depth & Breadth of Knowledge)
19:15 The Challenge
23:13 Orienting ourselves on the data
25:25 Backdoor user investigation
29:07 Registry modification activity
52:35 Investigating the impersonated user
54:05 Remote backdoor activity
58:59 Gemini, Bard & Copilot
01:00:59 Logins from backdoor user
01:30:40 I DIDN'T TRY ZERO
01:32:50 The compromised host
01:33:44 Powershell execution
01:48:50 Encoded PowerShell script
02:04:29 Outro …