DiscoverAuditCasts with David Hoelzer#18: Detecting APT and Malware through Baseline Auditing
#18: Detecting APT and Malware through Baseline Auditing

#18: Detecting APT and Malware through Baseline Auditing

Update: 2011-10-11
Share

Description

I've been saying for years that Change Control is one of the most critical processes in our enterprise and the one that we are failing to follow most often. When you consider the 20 Critical Controls, you'll find that at least 5, and likely more, are directly related to how well you know the systems in your business. In fact, if you know your systems well you are poised to be able to discover any 0-day infections and most any APT like (Advanced Persistent Threat) threats. How can you know your systems well? Watch this webcast for a demonstration!
The Show Notes for this episode along with copies of the scripts demonstrated can be obtained here: http://it-audit.sans.org/blog/2011/10/11/detecting-apt-and-other-zero-day-malware-through-service-auditing/
Comments 
In Channel
#35: Course Notes - 507

#35: Course Notes - 507

2014-07-21--:--

#34: Heartbleed Creates Heartburn

#34: Heartbleed Creates Heartburn

2014-04-1413:45

#33: Analyzing Layer 2 with Wireshark

#33: Analyzing Layer 2 with Wireshark

2014-02-1424:10

#32: Auditing the Cloud!

#32: Auditing the Cloud!

2013-10-1934:39

#31: Parent Process IDs

#31: Parent Process IDs

2013-10-1413:47

#30: Baselining Services

#30: Baselining Services

2013-10-1410:46

#29: Automating Tripwire

#29: Automating Tripwire

2013-10-1420:27

#28: Basic UNIX Scripting

#28: Basic UNIX Scripting

2013-10-1414:53

#27: UNIX: Basic Commands and Usage

#27: UNIX: Basic Commands and Usage

2013-10-0817:22

#26: Using the VI Editor

#26: Using the VI Editor

2013-10-0810:40

#25: Building Powershell Modules - Extracting Arbitrary Objects out of Active Directory

#25: Building Powershell Modules - Extracting Arbitrary Objects out of Active Directory

2012-03-1520:21

#24: Extracting Last Logon Times from Active Directory using Powershell

#24: Extracting Last Logon Times from Active Directory using Powershell

2012-03-0528:55

#23: Exploitation Step By Step

#23: Exploitation Step By Step

2011-11-1601:04:57

#22: Man in the Middle with DNS Spoofing and WPAD - How To

#22: Man in the Middle with DNS Spoofing and WPAD - How To

2011-11-0911:36

#21: VisualSniffPerms

#21: VisualSniffPerms

2011-11-0804:11

#20: DNS Sinkhole for Malware Defense and Policy Enforcement

#20: DNS Sinkhole for Malware Defense and Policy Enforcement

2011-11-0210:54

#19: Detecting Signs of APT and Malware

#19: Detecting Signs of APT and Malware

2011-10-1711:01

#18: Detecting APT and Malware through Baseline Auditing

#18: Detecting APT and Malware through Baseline Auditing

2011-10-1113:14

#17: Man in the middle Web attacks using WPAD

#17: Man in the middle Web attacks using WPAD

2011-09-3010:41

#16: Hacking Windows User Accounts with Powershell

#16: Hacking Windows User Accounts with Powershell

2011-09-2111:05

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

#18: Detecting APT and Malware through Baseline Auditing

#18: Detecting APT and Malware through Baseline Auditing

david hoelzer