Overview
This course covers the fundamentals of Windows Event Logs and their use in security monitoring, with topics including Windows Event Forwarding, task scheduling, bad logins, Event Tracing for Windows, PowerShell, wireless attacks, and more. The course aims to teach students how to effectively monitor and analyze Windows Event Logs for security purposes. The teaching method includes practical demonstrations and examples. This course is intended for individuals interested in cybersecurity, particularly in the area of Windows security and event log analysis.
Syllabus
Windows Event Logs? Really?
#1 Most Important Prereq
Windows Event Forwarding
Description of our Cuckoo Malware Lab
Alerting vs. Exploring
Continued... (Deep Panda Sample)
Task Scheduling (4698 OR 106)
Bad Logins (4776)
Event Tracing for Windows
PowerShell
Wireless Attacks & Misuse
Few More Hunting Possibilities
Monitor Your Monitoring
One-offs, Gotchas, and Recommendations
Recommended GPOs
Questions?