Full episode and show notes

Reverse Analyzing Attacks for Detection, Justin Henderson – Paul’s Security Weekly #519

Learn how to use Windows Event Logs to catch attackers in your network, including domain admin group enumeration and mimikatz attacks! Justin Henderson (@SecurityMapper) categorizes these techniques as “reverse attack analysis for detection” and shows us how to do it in this technical segment! References to Mark Baggett’s work on freq.py are made as well (https://isc.sans.edu/forums/diary/Detecting+Random+Finding+Algorithmically+chosen+DNS+names+DGA/19893/) Full Show Notes: https://wiki.securityweekly.com/Episode519 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg–XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Full Segment Notes

Learn how to use Windows Event Logs to catch attackers in your network, including domain admin group enumeration and mimikatz attacks! Justin Henderson (@SecurityMapper) categorizes these techniques as "reverse attack analysis for detection" and shows us how to do it in this technical segment! References to Mark Baggett's work on freq.py are made as well (https://isc.sans.edu/forums/diary/Detecting+Random+Finding+Algorithmically+chosen+DNS+names+DGA/19893/) Full Show Notes: https://wiki.securityweekly.com/Episode519 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Show More

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

Get expert insights and technical breakdowns straight to your inbox.
Join Now

Related Segments

Related Content

You can skip this ad in 5 seconds