Home Labs: Attack and Defend Your DFIR Lab

Anti-Dote, ATT&CK, DFIR, Markus Schober, SPlunk, Sysmon

Markus Schober discusses how to set up and use attack and defend labs for incident response and digital forensics.

What’s in the Box?? | I.R. Summit 2024

Anti-Dote, Canary Tokens, ELK, I.R. Summit, James Bierly, Sysmon

This webcast was originally published on July 19, 2024. In this video, the speaker discusses cybersecurity strategies for small businesses, focusing on cyber deception, Sysmon, and the ELK stack. They explore practical, low-cost solutions to help small businesses defend against cyber threats effectively. The video …

Implementing Sysmon and AppLocker

Allowlisting, Applocker, Backdoors & Breaches, BYPASSING, GROUP POLICY, John Strand, LOGGING, Malware, RED TEAM TOOLS, Sysmon, Windows

In this video, the speakers discuss the implementation and benefits of using AppLocker and Sysmon for enhancing security in IT environments. They demonstrate how to set up and configure both tools, and explain how they can prevent unauthorized applications from running and provide detailed logging of system activity.

Windows logging, Sysmon, and ELK

elasticsearch, ELK, HELK, John Strand, KIBANA, LOGSTASH, Sysmon, Windows, WINDOWS LOGGING

In this video, the speakers discuss the powerful capabilities of the ELK stack (Elasticsearch, Logstash, and Kibana) for handling and analyzing Sysmon logs to improve cybersecurity measures.

The long-awaited update to Sysmon is here!

Anti-Cast, Enterprise Forensics, Gerard Johansen, Sysmon, Webcast

The long-awaited update to Sysmon is here!

Microsoft has recently released version 15. This updated version of the popular logging tool includes new features and provides responders insight into endpoint behavior.

In this Anti-Cast, Gerard Johansen, digital forensics practitioner and course author of Enterprise Forensics and Response will walk through how Sysmon can aid in incident investigations.