

Disrupting the Kill Chain

BruCON Security Conference via YouTube

Overview

Explore a conference talk on disrupting the kill chain in a Windows environment. The talk takes a defender's approach to minimizing an adversary's access and chances of success, building on the speaker's previous work on defending Microsoft environments at scale, and focuses on the controls in Windows 10 and related Microsoft systems that disrupt the kill chain with the best ratio of effect to effort. Examine the Lockheed Martin kill chain alongside the MITRE ATT&CK framework and see how the two are combined to build a defense model.

Discover specific capabilities of the Windows platform for detecting and responding to the stages of an attack lifecycle: persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, execution, collection, exfiltration, and command and control. Gain insight into a working defense model that covers several of these attack categories using higher-efficiency controls, with sample deployment guides available on GitHub.

Explore methods for collecting and analyzing logging and monitoring data at scale, including Windows Event Forwarding, Sysmon deployment, and Windows Defender telemetry. Learn about the automated remediation and incident response capabilities built into Windows Defender ATP, including hands-free triage and remediation through automation playbooks. Investigate basic malware hunting techniques such as frequency analysis, process trees, and other indicators of suspicious behavior.

The talk concludes by reinforcing that basic hygiene and properly implemented controls are what disrupt the kill chain in practice.
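The hunting techniques the overview lists, frequency analysis ("stacking") and process trees, as an added Python example. This is not code from the talk or from its GitHub deployment guides. It assumes Sysmon Event ID 1 (process creation) records have already been collected, for instance through Windows Event Forwarding, and parsed into dictionaries keyed by the Sysmon field names; the records it runs on are constructed for the example, the `{root}` placeholder parent GUID, the rarity threshold of 2 and all function names are the example's own choices.

```python
"""Frequency analysis ("stacking") over Sysmon process-creation events.

Added example, not code from the talk: count parent/child image pairs
across a fleet's Sysmon Event ID 1 records, flag pairs seen only a few
times, rebuild the process tree above each flagged process and note
command-line indicators. All records below are constructed; field names
follow Sysmon Event ID 1 (Computer, ProcessGuid, ParentProcessGuid,
Image, ParentImage, CommandLine).
"""
from collections import Counter
from itertools import count
import ntpath

_guid_seq = count(1)
ROOT = "{root}"  # placeholder parent GUID when the parent's own event was not logged


def _ev(host, parent_guid, parent_image, image, cmdline=""):
    """Build one constructed Sysmon Event ID 1 record."""
    return {"Computer": host, "ProcessGuid": "{%08x}" % next(_guid_seq),
            "ParentProcessGuid": parent_guid, "Image": image,
            "ParentImage": parent_image, "CommandLine": cmdline or image}


def constructed_events():
    """Twenty workstations of ordinary activity plus one Office-spawned shell on WS07."""
    office = "C:\\Program Files\\Microsoft Office\\root\\Office16\\"
    sys32 = "C:\\Windows\\System32\\"
    events = []
    for n in range(1, 21):
        host = "WS%02d" % n
        services = _ev(host, ROOT, sys32 + "wininit.exe", sys32 + "services.exe")
        explorer = _ev(host, ROOT, sys32 + "userinit.exe", "C:\\Windows\\explorer.exe")
        events += [services, explorer]
        for _ in range(3):
            events.append(_ev(host, services["ProcessGuid"], services["Image"], sys32 + "svchost.exe"))
        for child in ("C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
                      office + "OUTLOOK.EXE", office + "WINWORD.EXE", sys32 + "cmd.exe"):
            events.append(_ev(host, explorer["ProcessGuid"], explorer["Image"], child))
    # Constructed malicious chain on one host: WINWORD.EXE -> cmd.exe -> encoded PowerShell.
    word = next(e for e in events if e["Computer"] == "WS07" and e["Image"].endswith("WINWORD.EXE"))
    payload = "powershell -nop -w hidden -enc SQBFAFgAIAA="  # base64 of UTF-16LE "IEX "
    cmd = _ev("WS07", word["ProcessGuid"], word["Image"], sys32 + "cmd.exe", "cmd.exe /c " + payload)
    ps = _ev("WS07", cmd["ProcessGuid"], cmd["Image"],
             sys32 + "WindowsPowerShell\\v1.0\\powershell.exe", payload)
    return events + [cmd, ps]


def _pair(event):
    """Normalised (parent, child) image-name pair used for stacking."""
    return (ntpath.basename(event["ParentImage"]).lower(),
            ntpath.basename(event["Image"]).lower())


def stack_parent_child(events):
    """Frequency analysis: how often does each parent/child pair occur fleet-wide?"""
    return Counter(_pair(e) for e in events)


def rare_pairs(counts, max_count=2):
    """Pairs seen at most max_count times are hunting leads, not verdicts."""
    return sorted(pair for pair, n in counts.items() if n <= max_count)


def ancestry(event, by_guid):
    """Follow ParentProcessGuid links upward; returns image names from root down to this process."""
    chain, seen = [ntpath.basename(event["Image"])], {event["ProcessGuid"]}
    cur = by_guid.get(event["ParentProcessGuid"])
    while cur is not None and cur["ProcessGuid"] not in seen:  # seen-set guards against GUID reuse
        seen.add(cur["ProcessGuid"])
        chain.append(ntpath.basename(cur["Image"]))
        cur = by_guid.get(cur["ParentProcessGuid"])
    return chain[::-1]


def command_line_indicators(event):
    """Cheap command-line tells worth surfacing next to a rare pair."""
    cl = event["CommandLine"].lower()
    hits = []
    if "powershell" in cl and (" -enc" in cl or " -e " in cl):
        hits.append("encoded PowerShell command")
    if " -w hidden" in cl or "-windowstyle hidden" in cl:
        hits.append("hidden window")
    return hits


def hunt(events, max_count=2):
    """Return one finding per event whose parent/child pair is rare across the fleet."""
    counts = stack_parent_child(events)
    rare = set(rare_pairs(counts, max_count))
    by_guid = {e["ProcessGuid"]: e for e in events}
    findings = []
    for e in events:
        pair = _pair(e)
        if pair in rare:
            findings.append({"host": e["Computer"], "pair": pair, "count": counts[pair],
                             "tree": " > ".join(ancestry(e, by_guid)),
                             "indicators": command_line_indicators(e)})
    return findings


if __name__ == "__main__":
    for f in hunt(constructed_events()):
        print("%s seen %dx on %s: %s %s" % (f["pair"], f["count"], f["host"], f["tree"], f["indicators"]))
```

Run as-is to see the two findings on WS07; to use it on real data, replace `constructed_events()` with records parsed from the forwarded Sysmon logs. Note that the image `cmd.exe` is common across the fleet, so stacking on the image alone would not surface it; it is the parent/child pair that is rare. The threshold is a tuning knob: set it relative to fleet size, and treat a rare pair as a lead for the analyst, not as a verdict.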

Syllabus

15 - BruCON 0x0A - Disrupting the Kill Chain - Vineet Bhatia

Taught by

BruCON Security Conference

