Wednesday, December 6, 2017

Is this blog still alive?

Is this blog still alive? That's a valid question since I haven't blogged for quite some time (wow, has it really been more than 3 years!?). So I finally decided to write another post about some stuff that happened in the meantime...

For the past few years I have been more active on Twitter (@c_APT_ure) and also presenting at conferences and collaborating in closed / trusted groups.

My most recent area of interest has been increasing endpoint visibility using Sysinternals Sysmon and sending logs into Splunk for incident detection and threat hunting.

My first presentation was in December 2016 at BotConf:

"Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk)"

Slides: https://www.botconf.eu/wp-content/uploads/2016/11/PR12-Sysmon-UELTSCHI.pdf
Video: https://www.youtube.com/watch?v=vv_VXntQTpE

In 2017 I gave an updated version on the same topic at the FIRST annual conference.

Slides: https://www.first.org/resources/papers/conf2017/Advanced-Incident-Detection-and-Threat-Hunting-using-Sysmon-and-Splunk.pdf

!! NEW !!
In April 2018 at FIRST TC Amsterdam, I gave an updated version from the FIRST 2017 talk.

Slides: FIRST-TC-2018_Tom-Ueltschi_Sysmon_PUBLIC.pdf

There are many good resources for further reading that I can suggest.

The list of resources may get updated every so often...

(last updated: 2017-12-07)
