Skip to content

Cyber Security | Samuel Alonso

About
Books
Digital Attack Maps
Disclaimer

analysis, APT, Cyber Defense, cyberthreat, Incident response, malware, SOC, Threat Hunting

The top 10 windows logs event’s used to catch hackers

Posted by Samuel Alonso on September 23, 2016December 5, 2016

Very interesting presentation by Michael Gough from SecureWorks. It goes through some malware attack examples and the importance of the windows event id’s for their detection. Another must read.

The top 10 windows logs event id's used v1.0 from Michael Gough

Advertisements

Share this:

Twitter
Facebook
Email
LinkedIn
Reddit
Tumblr
WhatsApp
More

Print
Pinterest
Pocket

Like this:

Like Loading...

Related

DFIR Incident Reseponse Michael Gough SecureWorks Threat Hunting windows event ids

Post navigation

Previous Post Windows Commands abused by attackers (Japan CERT)

Next Post Lateral Movement Artefacts

One Comment Add yours

Pingback: Week 38 – 2016 – This Week In 4n6

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Google account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Connecting to %s

Notify me of new comments via email.

Translate

Follow me on Twitter

Top Posts & Pages

Network Forensics - Traffic Analysis (2)
Hunting down Threat Infrastructure (1)
The top 10 windows logs event's used to catch hackers
Cyber Threat hunting with Sqrrl (From Beaconing to Lateral Movement)
Digital Attack Maps
Cyber Threat Hunting (1): Intro
Computer network defense operations, disrupting the enemy's attack
The evil side of DNS
Hunting down Threat Infrastructure (2, with PassiveTotal)
Memory Forensics with Vshot and Remnux (rogue process identification,2)

Follow Blog via Email

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 31 other followers

Archives

Archives

Follow on WordPress.com

Category Cloud

analysis APT Book cyber collaboration cyber deception Cyber Defense cyberespionage cyber operations cyber strategy cyberthreat cyberwar cyber warfare DFIR Digital Forensics forensics general Incident response Intelligence Driven Incident Response malvertising malware network forensics PassiveTotal SANS Security Analytics SOC Theat Intelligence Threat Hunting traffic analysis Uncategorized whitepaper

Create a free website or blog at WordPress.com.

Send to Email Address Your Name Your Email Address

Cancel

Post was not sent - check your email addresses!

Email check failed, please try again

Sorry, your blog cannot share posts by email.

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

%d bloggers like this: