Eric Conrad

Author, SANS Faculty Fellow, and CTO of Backshore Communications

Friday, September 23, 2016

DeepBlueCLI: a PowerShell Module for Hunt Teaming via Windows Event Logs

Here's a video of my 2016 DerbyCon talk DeepBlueCLI. Thank you, @irongeek_adc

A copy of my 2016 DerbyCon talk DeepBlueCLI slides:

Github site: https://github.com/sans-blue-team/DeepBlueCLI

Link to my Quality Not Quantity talk, which inspired DeepBlueCLI.

Posted by Eric Conrad at 3:30 PM No comments:

Wednesday, September 07, 2016

C2 Phone Home: Leveraging SecurityOnion to Identify Command and Control Channels

Video of the talk

Links from my Security Onion Con 2016 talk:

C2 Phone Home: Leveraging SecurityOnion to Identify Command and Control Channels

Link to all pcaps, Bro logs and Whitecap Snort Rules

Posted by Eric Conrad at 6:09 PM No comments:

Newer Posts Older Posts Home

Subscribe to: Posts (Atom)

About Me

Eric Conrad: Peaks Island, ME, United States; CTO, Backshore Communications

I am a SANS Faculty Fellow, co-author of SANS Security 511, MGT 414, and Security 542.

I am GIAC GSE #13.

I am a graduate of the SANS Technology Institute, with a Master of Science in Information Security Engineering (MSISE)

My Amazon author page

Email me: blogger7@backshore.net

Bluesky: @ericconrad.com

View my complete profile

My videos and podcasts

Cyber Security Interviews - You need to be interested beyond 9-5
DerbyCon 2017: Introducing DeepBlueCLI v2 now available in PowerShell and Python
Paul's Security Weekly #519
How to become a SANS instructor
DerbyCon 2016: Introducing DeepBlueCLI a PowerShell module for hunt teaming via Windows event logs
Security Onion Con 2016: C2 Phone Home
Long tail analysis

CISSP® Study Guide

CISSP® Study Guide, 3rd Edition

Twitter

Follow @eric_conrad

LinkedIn

My Books

CISSP Study Guide 3E
Eleventh Hour CISSP 2E

Join My Lists

CISSP
Sec511 Alumni

Upcoming Conferences

http://www.sans.org/instructors/eric-conrad

My Infosec Papers and Links

Waking Sleeping Dogs: Information Security Ethics
MGT 414 Images
CISSP Study Guide Errata

SANS GIAC Certifications and Gold Research

My SANS GIAC certifications
Detecting Spam with Genetic Regular Expressions
A Heap o’ Trouble / Heap-based flag insertion buffer overflow in CVS

Blog Archive

► 2024 (2)
- ► April (2)

► 2023 (3)
- ► June (2)
- ► January (1)

► 2022 (1)
- ► April (1)

► 2020 (5)
- ► August (1)
- ► June (2)
- ► May (1)
- ► January (1)

► 2019 (3)
- ► November (1)
- ► May (1)
- ► April (1)

► 2018 (4)
- ► December (2)
- ► April (2)

► 2017 (2)
- ► September (1)
- ► April (1)

▼ 2016 (5)
- ► October (1)
- ▼ September (2)
  - DeepBlueCLI: a PowerShell Module for Hunt Teaming ...
  - C2 Phone Home: Leveraging SecurityOnion to Identif...
- ► August (1)
- ► April (1)

► 2015 (4)
- ► December (1)
- ► November (1)
- ► April (1)
- ► January (1)

► 2014 (1)
- ► March (1)

► 2013 (3)
- ► June (1)
- ► May (2)

► 2012 (6)
- ► September (1)
- ► July (2)
- ► May (1)
- ► March (1)
- ► February (1)

► 2010 (5)
- ► September (1)
- ► August (1)
- ► July (1)
- ► May (1)
- ► March (1)

► 2009 (9)
- ► November (2)
- ► August (1)
- ► June (1)
- ► April (1)
- ► March (4)

► 2008 (13)
- ► December (3)
- ► November (1)
- ► October (3)
- ► August (1)
- ► July (1)
- ► April (1)
- ► March (2)
- ► February (1)

► 2007 (21)
- ► December (1)
- ► November (1)
- ► October (3)
- ► September (2)
- ► July (2)
- ► June (4)
- ► April (3)
- ► March (3)
- ► February (2)

Network/Security Blogs

SANS Technology Institute: Security Laboratory
The Internet Storm Center
F-Secure's Security Blog

Awesome Inc. theme. Powered by Blogger.