Following Breadcrumbs: Tracking Threats with Sysmon

Date: Wednesday, July 29th 2020 from 12-1pm EDT

Sysmon can improve your decision-making by offering you a glimpse into what is happening on a host. From knowing which processes are communicating with remote C2s to tracking where files are being downloaded from, Sysmon provides visibility that would be nearly impossible to gather without job-specific devices in place. Along with a little bit of threat hunting, this webinar intends to show how to make the most of the opportunities Sysmon can provide.

In this webinar:

  • Introduction to Sysmon
  • Event Types
  • Use Cases
    • From initial download to post exploitation
  • Demos (recording)
  • Analysis
    • Relevant event types to look for
    • Following activity down the line
  • Tips and Tricks

Register Today

About the Presenters

Brandon George & James Quinn

Brandon George is a Senior SOC Analyst for Binary Defense. In his free time, he is often with friends and family, running, or working on research projects. Probably never at the same time, though.


James Quinn is a Threat Researcher and Malware Analyst for Binary Defense. When he is not working at Binary Defense, he works as a freelance malware analyst and participates in security intelligence sharing groups. James is a major contributor to research of the Emotet botnet with the Cryptolaemus security researcher group.