Black Hills Information Security, September 29, 10:50
Network Security: Response Measures for Network Intrusions

 

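This article discusses what to do when you suspect your network has been breached, including live forensics, PowerShell scripts, network and event log analysis, IR spreadsheets, and checklists.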











In this webcast, we will cover what we can do if we think there is a breach on our network.



We will cover live forensics, cool PowerShell scripts, network and event log analysis, cool IR spreadsheets, and checklists.



We will also be covering the status of our ELK project for reviewing Event ID 3 from Sysmon.



So, a lot… Yep… A crazy amount.



Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_ThinkYoureCompromised.pdf



00:00 – Intro



00:47 – “Ok, But Why”



02:17 – Have It The Wrong Way



04:35 – Have It The Right Way



06:58 – Lego My Incident Response



08:25 – Monologging On Mute



11:57 – Wouldn’t Be Prudent



14:29 – “Better Than Bad, It’s Good”



21:33 – A Van Full of Free Tools



44:10 – CSI: Memory



45:01 – We Got Cheat Sheets if You Want Some Cheat Sheets



47:20 – Overlapping Venn Diagrams



49:46 – Questions in the Wild



59:15 – Sucking at Capitalism

















Want to level up your skills and learn more straight from John himself? You can check out his classes below!


