Skip to content

Cyber Security | Samuel Alonso

About
Books
Global Threats Research
- US
- Russia
- China
- Iran
- North Korea
Disclaimer

analysis, APT, Cyber Defense, cyberthreat, Incident response, malware, SOC, Threat Hunting

The top 10 windows logs event’s used to catch hackers

Posted by Samuel Alonso on September 23, 2016December 5, 2016

Very interesting presentation by Michael Gough from SecureWorks. It goes through some malware attack examples and the importance of the windows event id’s for their detection. Another must read.

The top 10 windows logs event id's used v1.0 from Michael Gough

Share this:

Twitter
Facebook
Email
LinkedIn
Reddit
Tumblr
WhatsApp
More

Print
Pinterest
Pocket

Like this:

Like Loading...

Related

DFIR Incident Reseponse Michael Gough SecureWorks Threat Hunting windows event ids

Post navigation

Previous Post Windows Commands abused by attackers (Japan CERT)

Next Post Lateral Movement Artefacts

One Comment Add yours

Pingback: Week 38 – 2016 – This Week In 4n6

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Google account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Connecting to %s

Notify me of new comments via email.

Notify me of new posts via email.

Translate

Follow me on Twitter

Top Posts & Pages

Network Forensics - Traffic Analysis (2)
Cyber Threat Hunting (1): Intro
Network Forensics - Traffic Analysis (1)
Book: Learn about firewall design, Juniper Networks
Enterprise Threat Modeling and ATT&CK
How They Rule the World: The 22 Secret Strategies of Global Power
Reporting to management / evidence reconstruction and hypothesis
Advanced Hunting with RSA Netwitness
Cyber Threat hunting with Sqrrl (From Beaconing to Lateral Movement)
Memory Forensics with Vshot and Remnux (rogue process identification,2)

Follow Blog via Email

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 36 other followers

Archives

Archives

Follow on WordPress.com

Category Cloud

Advance Persistent Threat analysis APT Book cyber collaboration cyber deception Cyber Defense cyberespionage cyber intelligence cyber operations cyber strategy cyberthreat cyber threat intelligence cyberwar cyber warfare DFIR Digital Forensics forensics general Incident response malware network forensics Security Analytics SOC Strategic Cyber Threat Intelligence Theat Intelligence Threat Hunting traffic analysis Uncategorized whitepaper

Create a free website or blog at WordPress.com.

Send to Email Address Your Name Your Email Address

Cancel

Post was not sent - check your email addresses!

Email check failed, please try again

Sorry, your blog cannot share posts by email.

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

%d bloggers like this: