AI, Data Science & Cloud Certificates from Google, IBM & Meta
You’re only 3 weeks away from a new language
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore practical techniques for intrusion hunting in this 46-minute conference talk from Derbycon 2015. Learn effective methods for detecting intrusions, including analyzing Shimcache/Amcache data, server antivirus logs, and netstat data. Discover how to identify suspicious user-agent strings, examine Windows services and drivers, and investigate autoruns and prefetch data. Gain insights into checking your external visibility, understanding NTFS extended attributes, and mining EMET logs. Delve into RAM dump analysis for advanced hunting techniques. Equip yourself with valuable tools and strategies to enhance your cybersecurity defenses and detect potential threats in your systems.
Syllabus
Introduction
What Works Finding Intrusions?
What Do I Mean by "Hunting"?
Shimcache/Amcache
Shimcache Examples
What to Look for in the Shimcache/ Amcache Data
Server Antivirus Logs
Mining Netstat Data
User-Agent strings
User-Agent examples
o. Windows Services Example
+ Windows Drivers Example
Windows Autoruns
Autoruns - Examples
Windows Prefetch
Prefetch Examples
+ Checking How Outsiders See You
NTFS Extended Attributes
EMET Log Mining - Example
Hunting in RAM dumps
Closing Thoughts
Questions?