Feb. 10, 2024, 4:11 a.m. | CYBERWOX

Day Cyberwox www.youtube.com

TIMESTAMPS
00:00 Intro
05:32 Bringing Tadi on & more greetings
10:26 Whose background looks nicer?
16:18 Thank you!
17:10 Why Splunk? (Depth & Breadth of Knowledge)
19:15 The Challenge
23:13 Orienting ourselves on the data
25:25 Backdoor user investigation
29:07 Registry modification activity
52:35 Investigating the impersonated user
54:05 Remote backdoor activity
58:59 Gemini, Bard & Copilot
01:00:59 Logins from backdoor user
01:30:40 I DIDN'T TRY ZERO
01:32:50 The compromised host
01:33:44 PowerShell execution
01:48:50 Encoded PowerShell script
02:04:29 Outro …
