and device driver which provides detailed information about process creations, network connections, and changes to file creation time.
• By collecting the events it writes to the Microsoft-Windows-Sysmon/Operational log you can identify malicious or anomalous activity and understand how intruders and malware operate on your network.
• Note that Sysmon does not provide analysis of the events it generates, nor does it attempt to protect or hide itself from attackers. The analysis has to happen in the SIEM or detection pipeline that consumes the events, and the XML configuration file has to be tuned so that known-good activity is filtered out before the volume becomes unmanageable.
Reference:
- https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
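Since Sysmon only records events and leaves the analysis to you, the following added example (not code from the Sysmon page or from Sysinternals) shows what that analysis step looks like: it parses Sysmon Event ID 1 (process creation) and Event ID 3 (network connection) records in the XML form the Windows event log exports, and runs two assumed detection rules over them: an Office application spawning a script interpreter, and PowerShell launched with an encoded command. The three sample events and the base64 payload are constructed for this example; the field names (Image, ParentImage, CommandLine, DestinationIp, DestinationPort) follow the real Sysmon event schema, while the rule names and thresholds are this example's own choices.

```python
"""Detection logic over Sysmon events exported as XML (added example)."""
import re
import xml.etree.ElementTree as ET

# Namespace used by Windows event log XML exports.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumed rule inputs (not from Sysmon): Office parents that should never
# spawn a script interpreter, and the interpreters attackers reach for.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# PowerShell accepts any unambiguous prefix of -EncodedCommand, so match all of them.
ENCODED_FLAG = re.compile(r"(?i)\s-(?:encodedcommand|enc|en|ec|e)\s+[A-Za-z0-9+/=]{20,}")

# Constructed sample events: the first is malicious on both rules,
# the second is benign, the third triggers only the network rule.
SAMPLE_EVENTS = [
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID></System>
  <EventData>
    <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="CommandLine">powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA</Data>
    <Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
  </EventData>
</Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID></System>
  <EventData>
    <Data Name="Image">C:\Windows\System32\notepad.exe</Data>
    <Data Name="CommandLine">notepad.exe C:\Users\alice\notes.txt</Data>
    <Data Name="ParentImage">C:\Windows\explorer.exe</Data>
  </EventData>
</Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>3</EventID></System>
  <EventData>
    <Data Name="Image">C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE</Data>
    <Data Name="DestinationIp">203.0.113.10</Data>
    <Data Name="DestinationPort">4444</Data>
  </EventData>
</Event>""",
]


def parse_event(xml_text):
    """Return the EventID plus every EventData field as a flat dict."""
    root = ET.fromstring(xml_text)
    event_id = int(root.find("e:System/e:EventID", NS).text)
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return {"event_id": event_id, **data}


def basename(path):
    """Lower-cased file name of a Windows path, for case-insensitive matching."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(event):
    """Apply the assumed rules to one parsed event; return a list of finding names."""
    findings = []
    image = basename(event.get("Image", ""))
    if event["event_id"] == 1:
        parent = basename(event.get("ParentImage", ""))
        if parent in OFFICE_APPS and image in INTERPRETERS:
            findings.append(f"office-spawns-interpreter: {parent} -> {image}")
        if image == "powershell.exe" and ENCODED_FLAG.search(event.get("CommandLine", "")):
            findings.append("powershell-encoded-command")
    elif event["event_id"] == 3 and image in OFFICE_APPS:
        dst = f"{event.get('DestinationIp', '')}:{event.get('DestinationPort', '')}"
        findings.append(f"office-network-connection: {image} -> {dst}")
    return findings


def scan(events):
    """Run detect() over raw XML events; return (event_index, finding) pairs."""
    return [(i, f) for i, xml in enumerate(events) for f in detect(parse_event(xml))]


if __name__ == "__main__":
    for idx, finding in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {finding}")
```

In production the events come from the Sysmon operational log (forwarded via Windows Event Forwarding or an agent) rather than an inline list, and the parent/child allow-lists belong in configuration, but the shape is the same: parse, normalize paths, apply rules, emit findings.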
emulation system that performs post-compromise adversarial behavior within enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK™) project.
Reference:
- https://github.com/mitre/caldera
- https://www.blackhat.com/docs/eu-17/materials/eu-17-Miller-CALDERA-Automating-Adversary-Emulation.pdf
(PowerShell, cmd, etc.)
• Test the framework against your own infrastructure before attackers own you
• Maturity of the blue team is important
• All teams (Red, Blue, Purple, etc.) should work together