Building an Effective Intrusion Detection Program

Security BSides San Francisco via YouTube

Overview

This course teaches learners how to build an effective intrusion detection program using free or inexpensive tools. It covers techniques for detecting breaches in a timely manner across cloud apps, endpoints, and network security monitoring (NSM). It is taught through tool demonstrations and real-world examples of logging, NSM, Mac, Windows, and network monitoring. The course is intended for anyone interested in improving their intrusion detection skills and knowledge.

Syllabus

Intro
Assumptions
Social stuff: Be nice.
Tool talk: Logging
Re: Logging. Log everything
Tool talk: NSM
3. Tool talk: Macs
3. Tool talk: Windows
Examples: Cloud logging. Google Logins.
4. Examples: Cloud logging. Dropbox logins. Example query
Dropbox logins cont.
4. Examples: Windows Office Macro Implants
Skip a few steps...
End result
4. Examples: Windows Powershell
Windows PS cont
4. Examples: Mac implants w/osquery
Mac & osquery cont: (edited for readability)
4. Examples: Mac implants w/Santa
4. Examples: Network monitoring Bro FTW
Q&A Questions? Comments?

Taught by

Security BSides San Francisco
