Paula Januszkiewicz ran two training workshops on Hacking and Securing Windows Infrastructure on 4- & 6-7. In these highly practical, hands-on sessions she covered the critical tasks of designing and implementing secure infrastructures, took a look at vulnerability verification, and walked through securing techniques.


On August 8 Paula presented a session entitled CQSysmonToolkit: Advanced System Monitoring Toolkit in the Arsenal part of the conference, where she showed some of CQURE's own, unique tools.


Info about the CQSysmon Toolkit session

Our toolkit has proven useful in an environment of 25,000 computers. It relies on a free Sysmon deployment, and its goal is to enrich the information delivered by the original tool. CQSysmon Toolkit lets you extract information about which processes have been running in the operating system, obtain their hashes and submit them to VirusTotal to gather forensic information in malware cases. It also lets you export to a spreadsheet what kinds of network connections have been made: the destination IP address, the process responsible for the connection, and who owns the IP. The toolkit can further extract the current system configuration and compare it with that of other servers, along with much more that helps you become familiar with what is going on in your operating system. A special bonus tool in the toolkit bypasses some parts of Sysmon; it comes with a companion tool that spots exactly that situation, so everything stays under control. CQSysmon Toolkit lets you establish detailed monitoring of what is happening on your servers, and it is a great complement to the forensic tools already in your organization.
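To illustrate the kind of enrichment described above (which processes ran, with which hashes, and which process opened which network connection), here is an added PowerShell example. It is not code from the CQSysmon Toolkit or from CQURE; it reads the standard Sysmon operational channel with Get-WinEvent, flattens the EventData fields of process-creation (Event ID 1) and network-connection (Event ID 3) events, and exports both to CSV. The output directory, the event cap and the choice of columns are assumptions of this example; it assumes Sysmon is already installed and that the account running it can read the Sysmon channel.

```powershell
# Added example, not CQSysmon Toolkit code: export Sysmon process-creation (ID 1)
# and network-connection (ID 3) events to CSV for spreadsheet-style review.
# Assumes Sysmon is installed and the caller can read its event channel.
param(
    [int]$MaxEvents = 5000,                         # assumed cap for a quick run
    [string]$OutDir = "$env:TEMP\sysmon-export"     # assumed output location
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

function ConvertFrom-SysmonEvent {
    # Turn one Sysmon event into a flat object keyed by its EventData field names
    # (Image, User, Hashes, DestinationIp, ...), so the fields can be selected by name.
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml = [xml]$Event.ToXml()
    $row = [ordered]@{
        TimeCreated = $Event.TimeCreated
        EventId     = $Event.Id
        Computer    = $Event.MachineName
    }
    foreach ($d in $xml.Event.EventData.Data) {
        $row[$d.Name] = $d.'#text'
    }
    [pscustomobject]$row
}

$filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1, 3 }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop |
          ForEach-Object { ConvertFrom-SysmonEvent $_ }

# Event ID 1: which images ran, under which account, and their Sysmon-recorded hashes.
# Sysmon writes Hashes as "SHA256=...,MD5=..." (whichever algorithms its config enables);
# keep only the SHA256 value so it can be looked up on VirusTotal without re-reading the binary.
$events | Where-Object EventId -eq 1 |
    Select-Object TimeCreated, Computer, User, Image, CommandLine, ParentImage,
        @{ n = 'SHA256'; e = {
            ($_.Hashes -split ',' | Where-Object { $_ -like 'SHA256=*' }) -replace '^SHA256='
        } } |
    Export-Csv -Path (Join-Path $OutDir 'processes.csv') -NoTypeInformation

# Event ID 3: which process talked to which destination, over which protocol, as which user.
$events | Where-Object EventId -eq 3 |
    Select-Object TimeCreated, Computer, User, Image, Protocol,
        SourceIp, SourcePort, DestinationIp, DestinationPort, DestinationHostname |
    Export-Csv -Path (Join-Path $OutDir 'connections.csv') -NoTypeInformation

Write-Host "Wrote processes.csv and connections.csv to $OutDir"
```

Two caveats a practitioner will hit: the SHA256 column is only populated if Sysmon's HashAlgorithms setting includes SHA256 (the tool's default is SHA1), so check the running configuration with `sysmon -c` before trusting empty cells; and the Sysmon channel is absent on a host where Sysmon was never installed, which is why the script stops with an error rather than silently writing empty files. Looking up who owns a destination IP, or submitting the hashes to VirusTotal, requires outbound queries and an API key and is deliberately left out of this offline example.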


The resources from the session

Download the tools and slides HERE. (Password: CQUREAcademy#123!)


