BSides Iowa 2018 - Track 1
Speaker: Justin Williams

This talk will cover the basics of using the system events on Windows to perform threat hunting and tracking using Sysmon and PowerShell. It will give the attendee some introductory functions and introduce them to larger threat hunting frameworks they can take back to their networks to correlate events across their enterprises. It will allow them to better tune their existing policies if using a SIEM to make sure they’re capturing useful event data, and not just logging everything to look for the needle in the haystack.