ShimCache and AmCache enterprise-wide hunting - SANS Threat Hunting Summit 2017
- Published 25 Jul 2024
- The presentation will focus on the open source release of a tool designed to efficiently process and analyse ShimCache and AmCache data at scale for enterprise-wide hunting purposes. The tool is designed as a framework with which to explore new analytics, but it will be released with some of our own custom-built analytics, such as time execution correlation, Levenshtein distance analysis and time stacking, to name a few.
Matias Bevilacqua, Senior Incident Response Consultant, Mandiant - Science & Technology
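Two of the analytics named in the description, stacking executable paths by how many hosts they appear on and Levenshtein-distance matching of executable names against known Windows binaries, as an added Python example. This is not the tool released in the talk; the records, the short allowlist of binary names and the thresholds are constructed for illustration. Real input would be ShimCache/AmCache entries parsed from each endpoint.

```python
"""Hunting analytics over ShimCache/AmCache-style records from many hosts."""
from collections import defaultdict

# Constructed sample records: (hostname, executable path) as they would come
# out of a ShimCache or AmCache parser run on each endpoint.
SAMPLE_RECORDS = [
    ("host01", r"C:\Windows\System32\svchost.exe"),
    ("host02", r"C:\Windows\System32\svchost.exe"),
    ("host03", r"C:\Windows\System32\svchost.exe"),
    ("host01", r"C:\Windows\System32\lsass.exe"),
    ("host02", r"C:\Windows\System32\lsass.exe"),
    ("host03", r"C:\Windows\System32\lsass.exe"),
    ("host01", r"C:\Windows\explorer.exe"),
    ("host02", r"C:\Windows\explorer.exe"),
    ("host03", r"C:\Windows\explorer.exe"),
    ("host02", r"C:\Users\Public\svch0st.exe"),   # lookalike name, one host
    ("host03", r"C:\ProgramData\updater.exe"),    # rare, but no lookalike
    ("host01", r"C:\Windows\Temp\lsasss.exe"),    # lookalike name, one host
]

# Assumed allowlist of legitimate binary names that malware often imitates;
# a real hunt would use a much fuller list built from a clean reference host.
KNOWN_BINARIES = ["svchost.exe", "lsass.exe", "explorer.exe",
                  "csrss.exe", "winlogon.exe"]


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute), case-insensitive, two-row DP."""
    a, b = a.lower(), b.lower()
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def stack_by_hosts(records):
    """Map each normalized path to the set of hosts it was observed on."""
    seen = defaultdict(set)
    for host, path in records:
        seen[path.lower()].add(host)
    return seen


def rare_paths(records, max_hosts=1):
    """Paths present on at most max_hosts hosts, rarest first (stacking)."""
    seen = stack_by_hosts(records)
    return sorted((p for p, hosts in seen.items() if len(hosts) <= max_hosts),
                  key=lambda p: (len(seen[p]), p))


def lookalikes(records, known=KNOWN_BINARIES, max_distance=2):
    """Executable names within max_distance edits of a known binary name.

    Names that exactly match a known binary are skipped so that, e.g., a
    genuine lsass.exe is not reported as a near-miss of csrss.exe.
    Returns (path, closest_known_name, distance) tuples.
    """
    known_lower = [k.lower() for k in known]
    hits = []
    for path in sorted({p.lower() for _, p in records}):
        name = path.rsplit("\\", 1)[-1]
        if name in known_lower:
            continue
        closest = min(known_lower, key=lambda k: levenshtein(name, k))
        d = levenshtein(name, closest)
        if d <= max_distance:
            hits.append((path, closest, d))
    return hits


def hunt(records):
    """Combine both analytics: rare paths that also carry a lookalike name
    rank highest; the rest of the rare paths follow for manual review."""
    rare = rare_paths(records)
    near = {path: (k, d) for path, k, d in lookalikes(records)}
    ranked = [(p, near[p][0], near[p][1]) for p in rare if p in near]
    ranked += [(p, None, None) for p in rare if p not in near]
    return ranked


if __name__ == "__main__":
    for path, matched, dist in hunt(SAMPLE_RECORDS):
        print(f"{path}  lookalike_of={matched}  distance={dist}")
```

Across thousands of endpoints the host-count stacking alone shrinks the review set to a few hundred paths, and the Levenshtein pass then surfaces the masquerading names among them; the allowlist and the distance threshold are the knobs to tune against your own environment's false positives.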
This presentation is fantastic!
Instablaster
Fantastic tool, I was able to jump in and process data for about 3500 endpoints without much setup :) Great work!
Matt May, how did you collect the ShimCache and AmCache across those hosts?
Seems like a good guy
The closed caption seems to be from a different talk or something. Very distracting!