Endpoint Detection Super Powers on the cheap, with Sysmon - Olaf Hartong Derbycon 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)


Based on my experience as a blue- and purple-teamer, I wanted to create a workflow toolkit for anyone with access to Splunk, to get them started with a set of tools that enables them to hit the ground running on a tight budget without compromising on quality. I will explain the pain of lacking visibility in a common enterprise environment. I will present my hunting app, which contains over 150 searches and over 15 dashboards. Knowledge is power. The workflow has been intentionally built on generic searches to cover all attack variations, so as to be able to uncover most potentially malicious behaviour. The dashboards contain overviews and threat indicators and facilitate consecutive drilldown workflows to help the analyst determine whether something is a threat or not and allow them to whitelist it.

Olaf is a person of many interests with a passion for defensive security and data. He has over 13 years of experience in security and specializes in building and operationalizing SOC teams through the use of SIEM systems or log management systems such as Splunk. He is an expert threat hunter and works in close collaboration with the Red Team to facilitate purple teaming workshops for his clients. He is the author of several security-focused tools and blogs. Olaf has spoken at MITRE ATT&CKcon, ISF Live, Splunk Live, BlackHat and FIRST.

@olafhartong

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast