Talkin' Bout [Infosec] News

BHIS’ Defensery Driven Duo Delivers Another Delectable Transmission!

We know you are worried about your networks. After hours of discussion, we’ve come to the realization that some of our dedicated followers seem to be much more interested in catching malware than learning how to be (please forgive this next statement) “l33t hax0rs.”

Download slides: https://www.activecountermeasures.com/presentations/

Show Notes

  • (00:00) - Intro
  • (02:47) - Why Are We Doing This?
  • (05:07) - AT7: The Logs You Are Looking For
  • (07:41) - AD Best Practices to Frustrate Attackers
  • (09:37) - AT 5 – Complete Takedown & AT 6 – IOCs
  • (12:04) - Blue Team-Apalooza
  • (14:22) - Windows Logging, Sysmon and ELK – Part 1
  • (16:45) - Implementing Sysmon and AppLocker
  • (21:45) - ...And Group Policies That Kill Kill-Chains
  • (22:31) - Here Are Some Important Blogs
  • (23:35) - Summary Complete
  • (25:28) - Introducing the Atomic Red Team
  • (27:50) - Installing the Atomic Framework
  • (29:29) - Squibbly Doo
  • (30:46) - The Results
  • (31:29) - Let's Take A Step Back: The Atomic Tests
  • (32:18) - Another Step Back: WEF / Winlogbeat Config
  • (33:41) - Executing T1015
  • (34:26) - Catching Executables
  • (41:05) - Executing T1003
  • (42:02) - ElastAlert
  • (43:21) - Now, On the ATT&CK
  • (44:20) - Not Sure If That's a Wrap Yet. (It's Not)
  • (47:11) - Check Out Our Dashboard

What is Talkin' Bout [Infosec] News?

A weekly podcast with BHIS and friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Mondays at 4:30 PM ET.