Windows Ransomware Detection with Splunk (2 of 6) – Unusual Traffic – Tor, SMB, DNS, HTTP
In this 6-part series, Splunk’s James Brodsky walks through real-world examples of Windows ransomware detection techniques, using data from Vulnerability and Patch Management, Network Traffic, Windows Registry, Windows Events, and Windows Sysmon. This video covers how to use network traffic logs to implement ransomware detection techniques such as communications from unusual processes, unwanted SMB communications from endpoints, network connections to TCP 445 or 139, domain PTR queries not in the Alexa 1M, and even detection before encryption (e.g. a process running in user space initiating the download of encryptor code).
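As an added example (not from the video and not Splunk Security Essentials code), the Python below implements two of the checks listed above over constructed Sysmon-style events: TCP 445/139 connections from a process other than the expected Windows SMB client, and DNS queries for domains outside a small stand-in for the Alexa top-1M list. The expected-image allowlist, the popular-domain list and the sample events are assumptions made for the example.

```python
# Added example, not from the video or Splunk Security Essentials: two of the
# network-traffic checks the description lists, run over constructed
# Sysmon-style events (EventID 3 = network connection, EventID 22 = DNS query).
SMB_PORTS = {445, 139}
# Assumption for this example: SMB client traffic on Windows normally comes from
# the "System" process, so any other image opening 445/139 is worth a look.
EXPECTED_SMB_IMAGES = {"System"}
# Tiny constructed stand-in for the Alexa top-1M list used in the video.
POPULAR_DOMAINS = {"microsoft.com", "google.com", "windowsupdate.com"}

# Constructed sample events; the user-space binary on WS01 mimics a dropped
# payload fanning out to several endpoints over SMB and resolving an odd name.
EVENTS = [
    {"id": 3, "host": "WS01", "image": "System", "dst_ip": "10.0.0.5", "dst_port": 445},
    {"id": 3, "host": "WS01", "image": r"C:\Users\bob\AppData\Local\Temp\upd.exe", "dst_ip": "10.0.0.7", "dst_port": 445},
    {"id": 3, "host": "WS01", "image": r"C:\Users\bob\AppData\Local\Temp\upd.exe", "dst_ip": "10.0.0.8", "dst_port": 139},
    {"id": 3, "host": "WS02", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "dst_ip": "93.184.216.34", "dst_port": 443},
    {"id": 22, "host": "WS01", "image": r"C:\Users\bob\AppData\Local\Temp\upd.exe", "query": "xk3j9q.example-gw.net"},
    {"id": 22, "host": "WS02", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "query": "www.microsoft.com"},
]

def unusual_smb_connections(events):
    """Network connections to TCP 445/139 from a process that is not the
    expected SMB client. Returns the matching events in input order."""
    return [e for e in events
            if e["id"] == 3 and e["dst_port"] in SMB_PORTS
            and e["image"] not in EXPECTED_SMB_IMAGES]

def smb_fan_out(events):
    """Distinct SMB targets per (host, image) for the unusual connections above;
    one endpoint process touching many peers is the lateral-spread signal."""
    targets = {}
    for e in unusual_smb_connections(events):
        targets.setdefault((e["host"], e["image"]), set()).add(e["dst_ip"])
    return {k: len(v) for k, v in targets.items()}

def registered_domain(fqdn):
    """Reduce a query name to its last two labels so 'www.microsoft.com'
    matches the 'microsoft.com' entry in the popular list."""
    labels = fqdn.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def unpopular_dns_queries(events, popular=POPULAR_DOMAINS):
    """DNS queries whose registered domain is outside the popular list."""
    return [e for e in events
            if e["id"] == 22 and registered_domain(e["query"]) not in popular]
```

In Splunk the same logic maps onto a search over Sysmon EventID 3/22 with a lookup against the top-1M list; the fan-out count is what turns a single SMB connection into an alert-worthy pattern.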
For more information:
Splunk Security Essentials for Ransomware: https://splunkbase.splunk.com/app/3593/
Splunk Security Essentials: https://splunkbase.splunk.com/app/3435/
Splunk Online Demo Experience (Try Ransomware techniques in a “safe”, guided sandbox with real “threats”): https://www.splunk.com/en_us/form/security-investigation-online-experience-endpoint.html
Video "Windows Ransomware Detection with Splunk (2 of 6) – Unusual Traffic – Tor, SMB, DNS, HTTP" from the Splunk channel