Sysmon, from Windows Sysinternals, provides a wealth of information about processes running in a Windows environment, including malware. This talk covers using Sysmon logs to scan a Windows environment centrally for malware. Almost all malware can be detected via event logs, especially once Sysmon logging is enabled.
Sysmon offers advanced features, including logging the import hash (imphash) of each process image it sees created. The imphash is a hash over the names and order of the functions, and the DLLs that export them, in a portable executable's import table. Binaries that share an import table produce the same imphash even when their file hashes differ, which makes it a great way to track families of related malware.
We also discuss updates to DeepWhite, an open-source detective application whitelisting framework built on Microsoft Sysinternals' Sysmon. DeepWhite supports automatic submission of imphashes and of EXE, DLL and driver hashes via a free VirusTotal Community API key.
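The central scan described above, as an added example that is not code from the talk or from DeepWhite: it parses Sysmon ProcessCreate (Event ID 1) events, groups them by IMPHASH, and flags imphashes that are not on an allowlist (detective whitelisting) or that appear with more than one SHA256 (several distinct binaries sharing one import profile, the usual sign of a repacked or recompiled member of one family). It also shows what the imphash actually hashes, using the Mandiant/pefile algorithm over `library.function` import strings in import-table order. Assumptions: Sysmon was run with IMPHASH in its `<HashAlgorithms>` setting so the Hashes field carries an `IMPHASH=` entry; the hostnames, image paths, import lists and hash values are constructed for the example; imports by ordinal are not handled.

```python
"""Added example: scan Sysmon Event ID 1 (ProcessCreate) records by imphash.
Not code from the talk or from DeepWhite.

Assumes a Sysmon config with IMPHASH enabled, e.g.
<HashAlgorithms>SHA256,IMPHASH</HashAlgorithms>, so that each ProcessCreate
event's Hashes field reads 'SHA256=...,IMPHASH=...'. All hosts, paths,
import lists and hash values below are constructed for illustration."""
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}


def imphash_from_imports(imports):
    """Imphash as defined by Mandiant and implemented in pefile: MD5 over the
    comma-joined, lower-cased 'library.function' strings in import-table
    order, with a .dll/.ocx/.sys extension stripped from the library name.
    `imports` is a list of (dll, function) pairs. Imports by ordinal are
    not resolved here (pefile maps them to names first); that is a
    simplification of this example."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def parse_hashes(field):
    """'SHA256=ab..,IMPHASH=cd..' -> {'SHA256': 'ab..', 'IMPHASH': 'cd..'}"""
    out = {}
    for item in field.split(","):
        if "=" in item:
            key, value = item.split("=", 1)
            out[key.strip().upper()] = value.strip().lower()
    return out


def parse_process_create(xml_text):
    """Extract the fields this scan needs from one Sysmon event XML record,
    or return None when the record is not a ProcessCreate (EventID 1)."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "1":
        return None
    data = {d.get("Name"): (d.text or "")
            for d in root.findall("e:EventData/e:Data", NS)}
    return {
        "computer": root.findtext("e:System/e:Computer", namespaces=NS),
        "image": data.get("Image", ""),
        "hashes": parse_hashes(data.get("Hashes", "")),
    }


def scan_events(events, known_good_imphashes):
    """Group ProcessCreate events by IMPHASH and report two kinds of finding:
    'unknown'  - imphash not on the allowlist;
    'variants' - one imphash seen with more than one SHA256.
    Each finding maps the imphash to the sorted (computer, image) pairs."""
    by_imphash = defaultdict(list)
    for xml_text in events:
        ev = parse_process_create(xml_text)
        if ev is None or "IMPHASH" not in ev["hashes"]:
            continue
        by_imphash[ev["hashes"]["IMPHASH"]].append(ev)
    findings = {"unknown": {}, "variants": {}}
    for ih, evs in by_imphash.items():
        sha256s = {e["hashes"].get("SHA256") for e in evs}
        where = sorted({(e["computer"], e["image"]) for e in evs})
        if ih not in known_good_imphashes:
            findings["unknown"][ih] = where
        if len(sha256s) > 1:
            findings["variants"][ih] = where
    return findings


def sample_event(computer, image, sha256, imphash):
    """Constructed Sysmon ProcessCreate record with only the fields used here."""
    return f"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Sysmon"/>
    <EventID>1</EventID>
    <Computer>{computer}</Computer>
  </System>
  <EventData>
    <Data Name="Image">{image}</Data>
    <Data Name="Hashes">SHA256={sha256},IMPHASH={imphash}</Data>
  </EventData>
</Event>"""


# Constructed import tables: a benign-looking one and an injector-style one.
NOTEPAD_IMPORTS = [("KERNEL32.dll", "GetProcAddress"), ("USER32.dll", "MessageBoxW")]
DROPPER_IMPORTS = [("KERNEL32.dll", "VirtualAllocEx"),
                   ("KERNEL32.dll", "WriteProcessMemory"),
                   ("KERNEL32.dll", "CreateRemoteThread")]
GOOD = imphash_from_imports(NOTEPAD_IMPORTS)
BAD = imphash_from_imports(DROPPER_IMPORTS)

# Two hosts run the same notepad build; two hosts run different binaries
# (different SHA256) that nonetheless share the dropper import profile.
SAMPLE_EVENTS = [
    sample_event("ws01", r"C:\Windows\System32\notepad.exe", "a" * 64, GOOD),
    sample_event("ws02", r"C:\Windows\System32\notepad.exe", "a" * 64, GOOD),
    sample_event("ws01", r"C:\Users\bob\AppData\Local\Temp\invoice.exe", "b" * 64, BAD),
    sample_event("ws07", r"C:\ProgramData\svchost.exe", "c" * 64, BAD),
]
ALLOWLIST = {GOOD}

if __name__ == "__main__":
    for kind, hits in scan_events(SAMPLE_EVENTS, ALLOWLIST).items():
        for ih, where in hits.items():
            print(kind, ih, where)
```

In a real deployment the event XML would come from forwarded Sysmon logs (for example `Get-WinEvent -LogName Microsoft-Windows-Sysmon/Operational` with `.ToXml()` on each record) and the allowlist from a baseline of known-good images; the grouping logic is the same. Note that the imphash is case-insensitive and ignores the file name, so a renamed or re-signed copy of the same build lands in the same group, while reordering or adding an import changes the hash.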
SANS Summit schedule: http://www.sans.org/u/DuS
The Blue Team Summit will feature presentations and panel discussions on actionable techniques, new tools and innovative methods to help cyber defenders improve their ability to prevent and detect attacks.