This course covers Windows Event Logs, Windows Event Forwarding, Cuckoo Malware Lab, Alerting vs. Exploring, Event Tracing for Windows, PowerShell, Active Directory, and monitoring techniques. The course aims to teach students how to effectively utilize Windows Event Logs for monitoring and troubleshooting purposes. The intended audience for this course includes IT professionals, system administrators, cybersecurity enthusiasts, and anyone interested in understanding Windows event logging. The teaching method involves a combination of theoretical explanations, practical demonstrations, and real-world examples.
Overview
Syllabus
Intro
Windows Event Logs? Really?
Windows Event Forwarding
How many logs (EPS) are we talking about?
Description of our Cuckoo Malware Lab
Alerting vs. Exploring
Continued... (Deep Panda Sample)
Adding Local Admin
Event Tracing for Windows
PowerShell
AD: Right to Control All Users
Monitoring Your Monitoring
One-offs, Gotchas, and Recommendations
Questions?
