Skip to content

Cyber Security | Samuel Alonso

About
Books
Digital Attack Maps
Disclaimer

analysis, APT, Cyber Defense, cyberthreat, Incident response, malware, SOC, Threat Hunting

The top 10 windows logs event’s used to catch hackers

Posted by Samuel Alonso on September 23, 2016December 5, 2016

Very interesting presentation by Michael Gough from SecureWorks. It goes through some malware attack examples and the importance of the windows event id’s for their detection. Another must read.

The top 10 windows logs event id's used v1.0 from Michael Gough

Advertisements

Share this:

Twitter
Facebook
Google
Email
LinkedIn
Reddit
Tumblr
WhatsApp
More

Print
Pinterest
Pocket

Like this:

Like Loading...

Related

DFIR Incident Reseponse Michael Gough SecureWorks Threat Hunting windows event ids

Post navigation

Previous Post Windows Commands abused by attackers (Japan CERT)

Next Post Lateral Movement Artefacts

One Comment Add yours

Pingback: Week 38 – 2016 – This Week In 4n6

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Google+ account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

w

Connecting to %s

Notify me of new comments via email.

Follow me on Twitter

Top Posts & Pages

Cyber Threat hunting with Sqrrl (From Beaconing to Lateral Movement)
Network Forensics - Traffic Analysis (1)
Network Threat Hunting Books
Cyber Threat Hunting (1): Intro
Memory Forensics with Vshot and Remnux (rogue process identification,2)
Network Forensics - Traffic Analysis (2)
Advance Hunting with RSA Netwitness
Detecting Lateral movement through event logs
Offensive Cyber Counterintelligence (white paper)
Cyber Threat Hunting (3): Hunting in the perimeter

Follow Blog via Email

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 26 other followers

Archives

Archives

Follow on WordPress.com

Category Cloud

analysis APT Book CISSP client side attack cyber collaboration Cyber Defense cyberespionage cyber operations cyber strategy cyberthreat cyberwar cyber warfare DFIR Digital Forensics forensics general Incident response malvertising malware network forensics PassiveTotal SANS Security Analytics SOC Theat Intelligence Threat Hunting traffic analysis Uncategorized whitepaper

Create a free website or blog at WordPress.com.

Send to Email Address Your Name Your Email Address

Cancel

Post was not sent - check your email addresses!

Email check failed, please try again

Sorry, your blog cannot share posts by email.

%d bloggers like this: