Thursday, July 12, 2018

Come learn how to hunt on Windows quickly - SANS Threat Hunting & IR Summit


I am giving a talk at the SANS Threat Hunting & IR Summit in New Orleans, Sept 6th & 7th. You can get more information here:



"This is the fastest way I found to hunt for malicious activity on Windows endpoints" will help people understand how to hunt and what to hunt for on Windows endpoints.

Saturday, April 21, 2018

Sample WinLogBeat.yml file for ELK and Humio users

We have published a sample WinLogBeat.yml file for ELK and Humio users that collects the right events and shows how to exclude various noisy ones, so you collect less noise and make your log management experience easier.

This config can be expanded to collect more log events, or to exclude more of the noisy, normal events. Refer to the other Cheat Sheets for more information on which items to collect. The Windows Logging Cheat Sheets may be found here:

You may find a copy of the sample WinLogBeat.yml file here:
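As an added illustration of the two noise-reduction mechanisms the post refers to (an include/exclude event ID list per channel, and post-collection drop rules), here is a minimal winlogbeat.yml in the same spirit. It is written for this page and is not the blog's published sample file; the field names under `winlog.*` assume Winlogbeat 7.x, the output host is a placeholder, and the particular event IDs and the computer-account logon filter are the editor's choices rather than anything the post specifies.

```yaml
# Added illustration, not the blog's sample file. Channel selection, event IDs
# and the drop rule below are the editor's assumptions; tune them to your estate.
winlogbeat.event_logs:
  - name: Security
    # Include/exclude list: a leading minus sign blacklists an event ID.
    # 4662 (AD object access) and 5156/5158 (Windows Filtering Platform)
    # are excluded here because they usually dominate Security log volume.
    event_id: -4662, -5156, -5158
    ignore_older: 72h

  - name: System
    # Only ship problems from the System log, not informational chatter.
    level: critical, error, warning

  - name: Microsoft-Windows-PowerShell/Operational
    # 4103 = module logging, 4104 = script block logging; verbose but high value.
    event_id: 4103, 4104

  - name: Microsoft-Windows-Sysmon/Operational

processors:
  # Second mechanism: drop whole events after collection when a condition
  # matches. Example (editor's choice): network logons (LogonType 3) by
  # computer accounts, whose names end in "$", which are routine on domain
  # members. event_data values are strings, so "3" is quoted.
  - drop_event:
      when:
        and:
          - equals:
              winlog.event_data.LogonType: "3"
          - regexp:
              winlog.event_data.TargetUserName: '.*\$$'

output.elasticsearch:
  # Placeholder; point at your ELK cluster or Humio ingest endpoint.
  hosts: ["localhost:9200"]
```

Every exclusion trades visibility for volume, so keep a short written note of why each blacklisted ID or drop rule exists and review it when you change your detection content; an event that is noise today may be the one you need for a hunt tomorrow.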

Try out Humio, a new Cloud and On-Prem logging solution. Humio is easy to use, and they even offer a FREE version with 2GB of data and 7-day retention. Perfect for the home user and lab to begin building and expanding your Windows logging expertise. You can find Humio here:
Watch for a "Windows Humio Logging Cheat Sheet" coming in the near future!!!

Don't forget to send us your tips, suggestions and comments!!!

#Happy Hunting !!!

Saturday, March 10, 2018

New Incident Response Podcast

I have joined Brian Boettcher and started the "Brakeing Down Incident Response" podcast, expanding the "Brakeing Down Security" podcast family.

We will focus on the practical application of incident response, drawing on what we do in our daily IR tasks, so that others can learn and apply more Fu to their jobs.

So take a listen, send us comments and be sure to read the detailed show notes.
#Happy Hunting