Home Labs: Attack and Defend Your DFIR Lab

Anti-Dote, ATT&CK, DFIR, Markus Schober, SPlunk, Sysmon

Markus Schober discusses how to set up and use attack and defend labs for incident response and digital forensics.

Implementing Sysmon and AppLocker

Allowlisting, Applocker, Backdoors & Breaches, BYPASSING, GROUP POLICY, John Strand, LOGGING, Malware, RED TEAM TOOLS, Sysmon, Windows

In this video, the speakers discuss the implementation and benefits of using AppLocker and Sysmon for enhancing security in IT environments. They demonstrate how to set up and configure both tools, and explain how they can prevent unauthorized applications from running and provide detailed logging of system activity.

Windows logging, Sysmon, and ELK

elasticsearch, ELK, HELK, John Strand, KIBANA, LOGSTASH, Sysmon, Windows, WINDOWS LOGGING

In this video, the speakers discuss the powerful capabilities of the ELK stack (Elasticsearch, Logstash, and Kibana) for handling and analyzing Sysmon logs to improve cybersecurity measures.

The long-awaited update to Sysmon is here!

Anti-Cast, Enterprise Forensics, Gerard Johansen, Sysmon, Webcast

The long-awaited update to Sysmon is here!

Microsoft has recently released version 15. This updated version of the popular logging tool includes new features and provides responders insight into endpoint behavior.

In this Anti-Cast, Gerard Johansen, digital forensics practitioner and course author of Enterprise Forensics and Response will walk through how Sysmon can aid in incident investigations.