Additional Resources:
Links mentioned in the video
- Download, Install, and Configure Sysmon for Windows | Blumira
- GitHub - SwiftOnSecurity/sysmon-config: Sysmon configuration file template with default high-quality event tracing
- GitHub - SecurityRiskAdvisors/VECTR: VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
- GitHub - redcanaryco/atomic-red-team: Small and highly portable detection tests based on MITRE's ATT&CK.
- How to Test Your SIEM's Detections | Blumira
- Let's Open(Dir) Some Presents: An Analysis of a Persistent Actor's Activity - The DFIR Report
- Sending Windows Event Logs to Graylog With NXLOG
Connecting With Us
- Hire Us For A Project: Hire Us – Lawrence Systems
- Tom Twitter https://twitter.com/TomLawrenceTech
- Our Web Site https://www.lawrencesystems.com/
- Our Forums https://staging-forum.lawrencesystems.com/
- Instagram https://www.instagram.com/lawrencesystems/
- Facebook Lawrence Systems | Southgate MI
- GitHub lawrencesystems (Lawrence Systems) · GitHub
- Discord lawrencesystems
Lawrence Systems Shirts and Swag
►👕 https://lawrence.video/swag/
AFFILIATES & REFERRAL LINKS
Amazon Affiliate Store
Lawrence Systems's Amazon Page
All Of Our Affiliates that help us out and can get you discounts!
https://www.lawrencesystems.com/partners-and-affiliates/
Gear we use on Kit
Kit
Use OfferCode LTSERVICES to get 10% off your order at
Tech Supply Direct - Refurbished Tech at Unbeatable Prices
Digital Ocean Offer Code
DigitalOcean | Cloud Hosting for Builders
HostiFi UniFi Cloud Hosting Service
HostiFi - UniFi Cloud Hosting
Protect your privacy with a VPN from Private Internet Access
Buy VPN with Credit Card or PayPal | Private Internet Access
Patreon
lawrencesystems | creating Tech Tutorials & Reviews | Patreon
CHAPTERS:
0:00 - Introductions
5:19 - Cyber Threat Defense Strategies
7:38 - Understanding Sysmon Essentials
13:57 - Exploring Sysmon Advantages
15:29 - Standard Deviation Explained
18:41 - Adversary Emulation Techniques
24:00 - Sysmon Use Case: Scenario 1
30:47 - Sysmon Use Case: Scenario 2
36:43 - Sysmon Use Case: Scenario 3
44:06 - Exchange Server Compromise Case Study
52:53 - Enhancing Detection with Testing
55:30 - Insights from Incident Response
57:21 - Conclusion and Thanks