What's in the Box?? | I.R. Summit 2024

  • Published 23 Jan 2025
  • /// 🔗 Register for webcasts, summits, and workshops -
    blackhillsinfo...
    Small businesses often lack basic security controls and are often unaware of what to do. Although we cannot always prevent an attack, we can at least detect it and provide information to others.
    In this talk we will learn about techniques that can be employed to protect small businesses that lack a dedicated IT presence. This will include both proactive and reactive measures.
    We will dive into deploying and using the Elastic Stack and Sysmon to provide post-incident telemetry without a lot of hassle for the business, and configure Microsoft Defender and the Edge browser to provide a low-cost solution for endpoint defense.
    Finally, we will “sprinkle the network with pocket litter” by deploying Canary Tokens to help detect both external and internal threats to the network and data.
    ///Chapters
    00:09 - whoami
    00:58 - Why does this talk matter? Affordable solutions for SMB.
    01:51 - Agenda
    02:09 - SANS IR Process
    02:31 - IR Process at most SMBs
    04:40 - The Aircraft Black Box
    05:26 - The Cyber Black Box
    07:03 - What’s in the Box?
    08:16 - How the box fits into the IR Process
    09:15 - Endpoints
    09:39 - Microsoft Defender
    10:57 - Canarytokens
    13:43 - Where to get ELK
    14:34 - DEMO
    16:19 - Configuring log specs
    17:42 - Adding an agent
    19:39 - Google Workspace Integration
    20:06 - Cisco Duo Integration location
    20:58 - Log Analysis
    21:53 - Adding Rules
    22:38 - Q & A - What sets off a canarytoken?
    24:31 - Q & A - Does Elastic have an AI assistant?
    24:59 - Q & A - Recommended specs for headless box?
    25:42 - Q & A - Recommended honeypots?
    26:12 - Q & A - Recommended SYSMON configs?
    /// 📄 View our Pay-What-You-Can Courses
    www.antisyphon...
    /// 📄 View the Antisyphon Course Catalog
    www.antisyphon...
    /// 📄 View Our Live Training Course Calendar
    www.antisyphon...
    /// 📄 Antisyphon Training Roadmap
    www.antisyphon...
    ///Antisyphon Socials
    Twitter: / antisy_training
    Mastodon: infosec.exchan...
    LinkedIn: / antisyphon-training
    Discord: / discord
    ///Antisyphon Training
    Pay What You Can: www.antisyphon...
    Live Training: www.antisyphon...
    On Demand Training: www.antisyphon...
    ///Antisyphon Shirts
    spearphish-gen...
    ///Educational Infosec Content
    Black Hills Infosec YouTube: / blackhillsinformations...
    Black Hills Infosec Blogs: www.blackhills...
    Wild West Hackin' Fest YouTube: / wildwesthackinfest
    Active Countermeasures YouTube: / activecountermeasures
    ///Backdoors & Breaches - Incident Response Card Game
    Backdoors & Breaches: www.backdoorsa...
    Play B&B Online: play.backdoors...
    Join us at the annual information security conference in Deadwood, SD (in-person and virtually) - Wild West Hackin' Fest: wildwesthackin...
    #bhis #antisyphon #infosec #CyberSecurity #training
