
Sign up to save your podcasts
Or
In this segment we welcome Carlos Perez back to the show! Carlos will discuss methods we can use to hide one systems and cover our tracks.
We'll cover how on a system (as administrator) the blue team's struggle using default logs or even on a default install of Sysmon to detect an attacker. Attackers can selectively disable modern event log providers, take action and then re-enable. We will demo this and how to best monitor for this technique.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-789
5
22 ratings
In this segment we welcome Carlos Perez back to the show! Carlos will discuss methods we can use to hide one systems and cover our tracks.
We'll cover how on a system (as administrator) the blue team's struggle using default logs or even on a default install of Sysmon to detect an attacker. Attackers can selectively disable modern event log providers, take action and then re-enable. We will demo this and how to best monitor for this technique.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-789
626 Listeners
14,126 Listeners
255 Listeners
331 Listeners
366 Listeners
148 Listeners
79 Listeners
1,009 Listeners
5 Listeners
7,879 Listeners
51 Listeners
91 Listeners
74 Listeners
58 Listeners
127 Listeners