The top 10 Windows log events used to catch hackers

Very interesting presentation by Michael Gough from SecureWorks. It goes through some malware attack examples and the importance of Windows event IDs for their detection. Another must read.

Windows Commands abused by attackers (Japan CERT)

One more interesting article about the most abused commands in Windows. It is a must read if you are interested in endpoint hunting.

http://blog.jpcert.or.jp/.s/2016/01/windows-commands-abused-by-attackers.html
Detecting Lateral Movement in APTs by Japan CERT

I am not going to add much to this article; I know it is not very original, but you should go straight to the presentation. It is worth your time if you are looking to understand lateral movement, with examples based on Windows event IDs and the Kerberos KDC vulnerability.

https://www.first.org/resources/papers/conf2016/FIRST-2016-105.pdf
Book: Learn about firewall design, Juniper Networks
Mini-book oriented to firewall design. The book explains very well the role that company policy plays when designing the firewall. It is very easy to read, well written and a good refresher if you are studying firewall design and monitoring. I particularly used it to refresh and get ideas on which indicators are interesting to monitor in firewalls.

https://www.amazon.co.uk/Learn-About-Firewall-Design-Thompson-Melanson-ebook/dp/B00O4CWKF8/ref=sr_1_1?s=books&ie=UTF8&qid=1474598305&sr=1-1&keywords=Learn+about+firewall+design%2C+Juniper+Networks
Intrusion Detection with Windows Event IDs

This paper is the best I have ever read on how to build IOCs with Windows event IDs. I highly recommend reading it; it contains very useful information and some very interesting behavioural examples of attacker activity. If you are looking to enhance detection in your core network, this is the document!
http://tinyurl.com/zpggnfq