Using Sysmon to Improve your Incident Response and Threat Hunting Capabilities

Video description

We are all familiar with Microsoft Windows logging in the form of the Windows Event Logs. How many of you have had to decipher an event such as Security Event ID 4688 (A new process has been created), only to find that it lacks details that would have helped your threat hunting, security monitoring or incident response: the command line is recorded only if command-line auditing has been enabled, there is no file hash, and the only identifiers are process IDs, which Windows reuses. In many cases, event logs are the backbone of your security logging if you are in a restrictive environment such as an industrial control system (ICS) setting. There is a valuable alternative to relying on event logs alone. This presentation introduces attendees to the free Sysinternals tool Sysmon. Are you an incident responder? A SOC analyst? Does your job require you to work with Windows event logs? Do you need to reconstruct attacker timelines? Sysmon is an invaluable tool and a must-have in a Windows environment. During this workshop we will discuss implementation techniques, use cases and integration with other security tools, through demonstrations.
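To make the 4688-versus-Sysmon point concrete, the following Python script is an added example (not code from the talk, the presenter or Sysinternals). It parses constructed Sysmon Event ID 1 (Process Create) records in the EventData layout Sysmon writes to Microsoft-Windows-Sysmon/Operational, links them by ProcessGuid/ParentProcessGuid into a timeline of the kind an incident responder rebuilds, and runs a simple parent/child check over them. The three sample events, their GUIDs, PIDs and paths, and the OFFICE_APPS and SHELLS watchlists are all assumptions made for the example; the Hashes, User and other Sysmon fields are omitted to keep it short.

```python
"""Rebuild a process timeline from Sysmon Event ID 1 (Process Create) records.
Added example with constructed data; the records mirror the EventData layout in
Microsoft-Windows-Sysmon/Operational (Hashes, User and other fields omitted).
"""
import xml.etree.ElementTree as ET
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

SAMPLE_EVENTS = [  # constructed; GUIDs, PIDs and paths are made up
    # Word opened from Downloads. Its explorer.exe parent started before
    # collection began, so there is no Event ID 1 for it in this set.
    r"""<EventData><Data Name="UtcTime">2023-03-01 10:15:02.101</Data>
  <Data Name="ProcessGuid">{a1b2c3d4-0001-0000-0000-000000000001}</Data><Data Name="ProcessId">4120</Data>
  <Data Name="Image">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
  <Data Name="CommandLine">"WINWORD.EXE" /n "C:\Users\alice\Downloads\invoice.docm"</Data>
  <Data Name="ParentProcessGuid">{a1b2c3d4-0000-0000-0000-000000000000}</Data>
  <Data Name="ParentImage">C:\Windows\explorer.exe</Data></EventData>""",
    # A macro spawns cmd.exe, which runs an encoded PowerShell command
    # ("SQBFAFgA" is base64 of "IEX" in UTF-16LE).
    r"""<EventData><Data Name="UtcTime">2023-03-01 10:15:07.442</Data>
  <Data Name="ProcessGuid">{a1b2c3d4-0002-0000-0000-000000000002}</Data><Data Name="ProcessId">5216</Data>
  <Data Name="Image">C:\Windows\System32\cmd.exe</Data>
  <Data Name="CommandLine">cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA</Data>
  <Data Name="ParentProcessGuid">{a1b2c3d4-0001-0000-0000-000000000001}</Data>
  <Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data></EventData>""",
    r"""<EventData><Data Name="UtcTime">2023-03-01 10:15:09.030</Data>
  <Data Name="ProcessGuid">{a1b2c3d4-0003-0000-0000-000000000003}</Data><Data Name="ProcessId">6004</Data>
  <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
  <Data Name="CommandLine">powershell -nop -w hidden -enc SQBFAFgA</Data>
  <Data Name="ParentProcessGuid">{a1b2c3d4-0002-0000-0000-000000000002}</Data>
  <Data Name="ParentImage">C:\Windows\System32\cmd.exe</Data></EventData>""",
]

@dataclass
class ProcessCreate:
    utc_time: str
    guid: str
    pid: int
    image: str
    command_line: str
    parent_guid: str
    parent_image: str

def parse_event(xml_text: str) -> ProcessCreate:
    """Parse one record from a bare <EventData> or a full namespaced <Event>."""
    root = ET.fromstring(xml_text)
    # rsplit drops the {http://schemas.microsoft.com/win/2004/08/events/event}
    # prefix that Get-WinEvent's ToXml() output carries on every tag.
    fields: Dict[str, str] = {el.get("Name", ""): (el.text or "")
                              for el in root.iter() if el.tag.rsplit("}", 1)[-1] == "Data"}
    return ProcessCreate(fields["UtcTime"], fields["ProcessGuid"], int(fields["ProcessId"]),
                         fields["Image"], fields["CommandLine"],
                         fields["ParentProcessGuid"], fields["ParentImage"])

def basename(image: str) -> str:
    return image.rsplit("\\", 1)[-1].lower()

def timeline(events: List[ProcessCreate]) -> List[Tuple[str, int, str]]:
    """Return (UtcTime, depth, image name) rows with each parent before its children.
    Correlation uses ProcessGuid rather than ProcessId: Windows reuses PIDs, so a
    PID-keyed tree can hang a child under an unrelated process once the real
    parent has exited. The GUID is also what Sysmon's other events (network,
    file, registry) carry, so the same key joins them to this tree."""
    known = {e.guid for e in events}
    children: Dict[str, List[ProcessCreate]] = defaultdict(list)
    for e in events:
        children[e.parent_guid].append(e)
    rows: List[Tuple[str, int, str]] = []

    def walk(e: ProcessCreate, depth: int) -> None:
        rows.append((e.utc_time, depth, basename(e.image)))
        for child in sorted(children[e.guid], key=lambda c: c.utc_time):
            walk(child, depth + 1)

    # Roots: processes whose parent was never captured.
    for top in sorted((e for e in events if e.parent_guid not in known), key=lambda e: e.utc_time):
        walk(top, 0)
    return rows

# Assumed watchlists for the example; tune to the environment.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def office_spawning_shell(events: List[ProcessCreate]) -> List[ProcessCreate]:
    """Flag a shell or script host whose direct parent is an Office application."""
    return [e for e in events
            if basename(e.parent_image) in OFFICE_APPS and basename(e.image) in SHELLS]

if __name__ == "__main__":
    evts = [parse_event(x) for x in SAMPLE_EVENTS]
    for utc, depth, name in timeline(evts):
        print(f"{utc} {'  ' * depth}{name}")
    for hit in office_spawning_shell(evts):
        print(f"ALERT {hit.utc_time} {basename(hit.parent_image)} -> {basename(hit.image)}: {hit.command_line}")
```

On a live host the same parser works on the XML that `Get-WinEvent -LogName Microsoft-Windows-Sysmon/Operational -FilterXPath '*[System[EventID=1]]'` returns via each event's `ToXml()` method, which is why `parse_event` strips the event namespace. The parent/child check is deliberately minimal; in practice it is one of many rules, but it only works at all because every Sysmon process event carries the parent's full image path and a GUID that is stable across PID reuse.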


About the Presenter
Peter Morin leads Grant Thornton’s National Cybersecurity practice in Canada. He leverages over 25 years of experience to help clients develop robust cybersecurity program strategies. This includes advising organizations in areas ranging from industrial control system (ICS) security, network security architecture, threat hunting and red teaming to cloud security, incident response, computer forensics and beyond. Throughout Peter’s career, he has held senior positions with numerous organizations, including a global cybersecurity consulting firm, a national telecommunications and media company, a Fortune 500 cloud-computing company, a recognized cybersecurity software company and a major US defense contractor. Peter holds several industry designations, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Data Privacy Solutions Engineer (CDPSE) and GIAC Certified Forensic Analyst (GCFA). As a public speaker, Peter has presented at numerous events held by the FBI, US Department of Homeland Security, Conference Board of Canada, FIRST, BSides, SecTor, SANS, Black Hat, Public Safety Canada, IIA and ISACA. Peter is also a frequent guest lecturer at colleges and universities across North America, and has been featured in publications such as SC Magazine, National Post and Penetration Testing Magazine.
