In this segment we welcome Carlos Perez back to the show! Carlos will discuss methods we can use to hide one systems and cover our tracks. We'll cover how on a system (as administrator) the blue team's struggle using default logs or even on a default install of Sysmon to detect an attacker. Attackers can selectively disable modern event log providers, take action and then re-enable. We will demo this and how to best monitor for this technique.
Carlos is currently the Principal Consultant, Team Lead for Research at TrustedSec and well-known for his research on both Metasploit and Windows Powershell. His blog www.darkoperator.com carries the tag line: “Shell Is Only The Beginning”.
Stay up-to-date with us on X (formerly known as Twitter) for the latest show clips and updates! Find us @SecWeekly and stay connected with our cybersecurity community.
