For slides, labs, resources: https://github.com/DefensiveOrigins/APT06202001
New blog post with additional information: https://www.blackhillsinfosec.com/how-to-deploy-windows-optics-commands-downloads-instructions-and-screenshots/
0:00 – I heard we were good
2:31 – Course targets
4:53 – Course components
6:59 – Applied Purple Teaming Course Matrix
12:41 – Endpoint Optics Sysmon Audit Policy
14:09 – What is Sysmon
37:49 – Audit Policy
38:59 – Windows Event Collection
46:45 – We have some questions
1:01:08 – Break time 01
1:11:40 – Back to work
1:13:25 – Event Handler WEC/WEF event subscriptions
2:06:10 – I’ll take a break for questions (Break Time 02)
2:18:11 – Ingestors for log shipping events
2:36:17 – Further questions
3:00:32 – Break 03
3:13:06 – Back to work
3:26:42 – Atomic Purple Team / APT Lifecycle
3:46:22 – Final questions and thoughts
Build your own Purple Team lab in 4 hours (or less!).
Implementing Sysmon with modular configuration
Configure and launch meaningful monitoring policies
Deploying the WEF/WEC event capture model
Install WinLogBeat to transfer logs to …
The Hunting Elk (HELK)
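The five steps above are the lab-build procedure the webcast walks through. The script below is an added example, not code from the webcast or from the DefensiveOrigins repository: it bootstraps the endpoint side of that procedure on a single lab host (Sysmon install, audit policy, WEF client enrolment, verification). The Sysmon directory, config file name and collector hostname are assumptions; the Sysmon config is expected to have already been built from modular fragments, and the collector is expected to have been quick-configured with wecutil. Run it as Administrator.

```powershell
# Added example (not from the webcast or the DefensiveOrigins repo): endpoint
# "optics" bootstrap for a lab host. Assumed inputs: $SysmonDir holds Sysmon64.exe
# and a merged sysmonconfig.xml; $Collector is the hostname of the WEC server.
param(
    [string]$SysmonDir = 'C:\Tools\Sysmon',     # assumed path
    [string]$Collector = 'wec01.lab.local'      # assumed collector FQDN
)

$ErrorActionPreference = 'Stop'

# 1. Sysmon: install the driver and service with the merged modular config,
#    or push a new config into an existing install without reinstalling.
$sysmon = Join-Path $SysmonDir 'Sysmon64.exe'
$config = Join-Path $SysmonDir 'sysmonconfig.xml'
if ($null -eq (Get-Service -Name Sysmon64 -ErrorAction SilentlyContinue)) {
    & $sysmon -accepteula -i $config
} else {
    & $sysmon -c $config
}

# 2. Audit policy: enable the subcategories that feed most detection content.
$subcategories = @(
    'Process Creation', 'Process Termination',
    'Logon', 'Logoff', 'Special Logon',
    'Credential Validation', 'Kerberos Service Ticket Operations',
    'User Account Management', 'Security Group Management',
    'Other Object Access Events'
)
foreach ($s in $subcategories) {
    auditpol /set /subcategory:"$s" /success:enable /failure:enable | Out-Null
}

# 4688 carries only the image path unless command-line capture is switched on.
$auditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
New-Item -Path $auditKey -Force | Out-Null
Set-ItemProperty -Path $auditKey -Name 'ProcessCreationIncludeCmdLine_Enabled' -Type DWord -Value 1

# PowerShell script block logging (event 4104) is cheap and high value.
$psKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
New-Item -Path $psKey -Force | Out-Null
Set-ItemProperty -Path $psKey -Name 'EnableScriptBlockLogging' -Type DWord -Value 1

# 3. WEF client side: WinRM listener, Event Log Readers membership for the
#    forwarder identity, and the SubscriptionManager value a GPO would normally set.
winrm quickconfig -q | Out-Null
Add-LocalGroupMember -Group 'Event Log Readers' -Member 'NT AUTHORITY\NETWORK SERVICE' -ErrorAction SilentlyContinue
$wefKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
New-Item -Path $wefKey -Force | Out-Null
Set-ItemProperty -Path $wefKey -Name '1' -Type String `
    -Value "Server=http://${Collector}:5985/wsman/SubscriptionManager/WEC,Refresh=60"
gpupdate /target:computer /force | Out-Null   # forwarder re-reads the policy

# 4. Verify: Sysmon is writing, and the audit subcategories actually took effect.
Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -MaxEvents 3 |
    Select-Object TimeCreated, Id, ProviderName
auditpol /get /subcategory:"Process Creation"
```

The collector side is not shown: on the WEC server, `wecutil qc /q` enables the Windows Event Collector service and `wecutil cs <subscription.xml>` loads a subscription; the forwarded events then land in the collector's Forwarded Events log, which is what Winlogbeat reads and ships to HELK. The `Refresh=60` value makes the client poll the collector every 60 seconds; in production the SubscriptionManager value and the `Event Log Readers` membership should come from Group Policy rather than a local script, and `Sysmon64.exe -c` is the path to take when you iterate on the modular config, since a full reinstall reloads the driver.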
Join the BHIS Discord channel to ask questions about the labs or training: https://discord.gg/aHHh3u5
(Use the channel for training preparation questions)
Kent Ickler and Jordan Drysdale will be leading a paid ($395) 3-day training course on Applied Purple Teaming (5.5 hours per day, 16.5 hours total) from June 30 to July 2. More information: https://wildwesthackinfest.com/online-training/applied-purple-teaming/
Please send your questions, comments and feedback to: [email protected]
If you find this video useful, please share it with friends and colleagues.