Does your company use Windows or is most of the environment Windows? Come to this session to specifically learn the ins and outs of what are the most critical things needed in order to establish a respectable blueteam program at your organization. Do you know what Windows security event log 4688 mean? What about others? What are the event logs that you should know by hand or have a cheat-sheet for? What are some tools that you should be using and how can you automate them to help detect lateral movement. Also we will be leveraging opensource tools. No additional $ is not required. Trying harder building your technical skills and doing proactive threat hunting will help you and your team. ?Don?t worry all of this information will be useful for all no matter what level.? Per time permitting we might also quickly talk about incident response as well initially. Also bring your technical questions too during our Q&A session?

Back to BSidesCT 2019 video list