Understanding Sysmon & Threat Hunting with A Cybersecurity Specialist & Incident Detection Engineer

10,947 listens
This discussion is with Amanda Berlin, Lead Incident Detection Engineer at Blumira. The focus of the conversation is on utilizing Sysmon for threat hunting and testing detections in cybersecurity. Amanda, a seasoned cybersecurity professional, shares her expertise in detecting malicious behavior in the wild through practical examples. The discussion covers anomaly detection, the utilization of various tools (with links provided in the video description), and the importance of understanding threat detection in a real-world context.

https://lawrence.video/

Links mentioned in the video
- https://www.blumira.com/enable-sysmon/
- https://github.com/SwiftOnSecurity/sysmon-config
- https://github.com/SecurityRiskAdvisors/VECTR
- https://github.com/redcanaryco/atomic-red-team
- https://www.blumira.com/how-to-test-your-siems-detections/
- https://thedfirreport.com/2023/12/18/lets-opendir-some-presents-an-analysis-of-a-persistent-actors-activity/

Sending Windows Event Logs to Graylog With NXLOG
https://youtu.be/a3LbQow7i4Q

Connecting With Us
---------------------------------------------------
+ Hire Us For A Project: https://lawrencesystems.com/hire-us/
+ Tom Twitter 🐦 https://twitter.com/TomLawrenceTech
+ Our Web Site https://www.lawrencesystems.com/
+ Our Forums https://forums.lawrencesystems.com/
+ Facebook https://www.facebook.com/Lawrencesystems/
+ GitHub https://github.com/lawrencesystems/
+ Discord https://discord.gg/ZwTz3Mh

Lawrence Systems Shirts and Swag
---------------------------------------------------
►👕 https://lawrence.video/swag/

AFFILIATES & REFERRAL LINKS
---------------------------------------------------
Amazon Affiliate Store 🛒 https://www.amazon.com/shop/lawrencesystemspcpickup
UniFi Affiliate Link 🛒 https://lawrence.video/unifi-affiliate
All Of Our Affiliates that help us out and can get you discounts! 🛒 https://lawrencesystems.com/partners-we-love/
Gear we use on Kit 🛒 https://kit.co/lawrencesystems
Use OfferCode LTSERVICES to get 10% off your order at 🛒 https://www.techsupplydirect.com?aff=2
Digital Ocean Offer Code 🛒 https://m.do.co/c/85de8d181725
HostiFi UniFi Cloud Hosting Service 🛒 https://hostifi.net/?via=lawrencesystems
Protect your privacy with a VPN from Private Internet Access 🛒 https://www.privateinternetaccess.com/pages/buy-vpn/LRNSYS
Patreon 💰 https://www.patreon.com/lawrencesystems

CHAPTERS:
0:00 - Introductions
5:19 - Cyber Threat Defense Strategies
7:38 - Understanding Sysmon Essentials
13:57 - Exploring Sysmon Advantages
15:29 - Standard Deviation Explained
18:41 - Adversary Emulation Techniques
24:00 - Sysmon Use Case: Scenario 1
30:47 - Sysmon Use Case: Scenario 2
36:43 - Sysmon Use Case: Scenario 3
44:06 - Exchange Server Compromise Case Study
52:53 - Enhancing Detection with Testing
55:30 - Insights from Incident Response
57:21 - Conclusion and Thanks