BHIS | Offensive Windows Event Logs | Tim Fowler | 1 Hour

Join us in the Black Hills InfoSec Discord server here: https://discord.gg/BHIS to keep the security conversation going! Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services -- https://www.blackhillsinfosec.com/

Chapters:
00:00 - Offensive Windows Event Logs | Tim Fowler
01:00 - What is lurking in your event logs?
01:58 - What Not to Expect...
02:36 - How this started...
04:15 - Back to the Basics
04:41 - Windows Event Log Basics
06:52 - Event Sources
07:39 - Event Message Files
10:27 - Creating Logs / Sources (As Admin)
13:45 - Event Log Security
15:22 - Now what...? Create an Event Log
20:52 - But Wait... There's More!
22:52 - 61,440 Bytes
23:55 - Starting to get offensive
24:47 - Retrieving Payload from Event Logs
29:58 - Live Demo!
55:17 - In Conclusion
57:46 - Post-Show Questions & Banter

Description: For years, blue teams have been using Windows event logs to track the activities of red teams and threat actors alike, but now we flip the table and use the logs for offensive purposes. In this Black Hills Information Security (BHIS) webcast, Tim Fowler will take us through the steps of developing working PoCs and the lessons learned along the way.
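The chapter list above outlines the technique (register an event source as admin, write a payload into the log in pieces that stay under the per-event size ceiling the talk discusses, then read it back). The following PowerShell is an added illustration of that round trip, not Tim Fowler's PoC from the webcast or the slides. The log name, source name, event ID base, chunk size and the "payload" string are all arbitrary choices made for this example; run it in an elevated PowerShell 5.1 session on a test machine.

```powershell
# Added example: stage data in a custom Windows event log and recover it.
# Not the webcast's PoC. Log/source/EventId/chunk values are assumptions.
#Requires -RunAsAdministrator

$LogName   = 'DemoLog'      # assumption: arbitrary custom log name
$Source    = 'DemoSource'   # assumption: arbitrary event source name
$BaseId    = 1000           # assumption: EventId = BaseId + chunk index
$ChunkSize = 30000          # chars per event; well under the per-event ceiling
                            # (Write-EventLog rejects messages over 31,839 chars)

# 1. Create the log and register the source (admin only). This also creates
#    HKLM\SYSTEM\CurrentControlSet\Services\EventLog\DemoLog\DemoSource,
#    which is the artifact a defender can hunt for.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName $LogName -Source $Source
}

# 2. Constructed sample payload (harmless text, repeated so it needs
#    several events); base64-encode and split into chunks.
$text    = 'Write-Host "hello from the event log"' * 2000   # ~75 KB
$payload = [System.Text.Encoding]::ASCII.GetBytes($text)
$b64     = [Convert]::ToBase64String($payload)
$chunks  = [regex]::Matches($b64, ".{1,$ChunkSize}") | ForEach-Object { $_.Value }

# 3. Write one event per chunk; the EventId carries the chunk order.
for ($i = 0; $i -lt $chunks.Count; $i++) {
    Write-EventLog -LogName $LogName -Source $Source `
        -EventId ($BaseId + $i) -EntryType Information -Message $chunks[$i]
}

# 4. Retrieve: filter on the provider (source), order by EventId, reassemble.
$events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; ProviderName = $Source } -ErrorAction Stop |
          Where-Object { $_.Id -ge $BaseId } | Sort-Object Id
$joined    = ($events | ForEach-Object { $_.Message }) -join ''
$recovered = [System.Text.Encoding]::ASCII.GetString([Convert]::FromBase64String($joined))

# 5. Verify the round trip before anything would act on the recovered text.
if ($recovered -ne $text) { throw 'round-trip mismatch: check chunk order or message size' }
"Recovered $($recovered.Length) chars from $($events.Count) events"

# Cleanup for a lab box (removes the log and its source registration):
# Remove-EventLog -LogName $LogName
```

Two practical notes: the retrieval step needs no elevation, which is what makes the log usable as a drop point, while the source registration in step 1 does, and it leaves a registry key plus a new log file under %SystemRoot%\System32\winevt\Logs that survive a reboot. Executing the recovered text (for example via Invoke-Expression) is deliberately left out; the point of the block is the storage and retrieval mechanics.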
Slides: https://s1hb.sharepoint.com/:b:/g/Content&Community/ERQ7PfKGaL1Mj4MG2cLMyboBi5nAz_dsuBFlW5NtLhRLXQ?e=eUOemP

Black Hills Infosec Socials
Twitter: https://twitter.com/BHinfoSecurity
Mastodon: https://infosec.exchange/@blackhillsinfosec
LinkedIn: https://www.linkedin.com/company/antisyphon-training
Discord: https://discord.gg/ffzdt3WUDe

Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections

Black Hills Infosec Services
Active SOC: https://www.blackhillsinfosec.com/services/active-soc/
Penetration Testing: https://www.blackhillsinfosec.com/services/
Incident Response: https://www.blackhillsinfosec.com/services/incident-response/

Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: https://www.backdoorsandbreaches.com/
Play B&B Online: https://play.backdoorsandbreaches.com/

Antisyphon Training
Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/
Live Training: https://www.antisyphontraining.com/course-catalog/
On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/

Educational Infosec Content
Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest
Active Countermeasures YouTube: https://youtube.com/activecountermeasures
Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining

Join us at the annual information security conference in Deadwood, SD (in-person and virtually) -- Wild West Hackin' Fest: https://wildwesthackinfest.com/

#bhis #infosec