Paula Januszkiewicz ran two training workshops on Hacking and Securing Windows Infrastructure on August 4-5 and 6-7. In these super-practical hands-on sessions she covered the critical tasks involved in designing and implementing secure infrastructures, along with vulnerability verification and techniques for securing them.
On August 8 Paula presented a session entitled CQSysmon Toolkit: Advanced System Monitoring Toolkit in the Arsenal part of the conference, where she showed some of CQURE's own unique tools.
Info about the CQSysmon Toolkit session
Our toolkit has proven useful in a 25,000-computer environment! It relies on a free Sysmon deployment, and its goal is to enrich the information delivered by the original tool. CQSysmon Toolkit lets you extract information about which processes have been running in the operating system, collect their hashes and submit them to VirusTotal for forensic information in malware cases. It also lets you export to a spreadsheet what types of network connections have been made: the destination IP address, the process responsible for the connection, and who owns the IP. The toolkit also extracts the current system configuration and compares it with that of other servers, and offers much more that helps you become familiar with what is going on in your operating system. As a special bonus, the toolkit includes a tool that bypasses some parts of Sysmon, paired with another tool that spots that situation, so that everything stays under control. CQSysmon Toolkit allows you to establish detailed monitoring of the situation on your servers and is a great complement to the forensic tools already in your organization.
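The two extractions described above (process list with hashes from Sysmon Event ID 1, network connections from Event ID 3) can be reproduced with a short script. The following Python is an added example written for this post, not code from the CQSysmon Toolkit or from CQURE; it assumes the Sysmon events have been exported as XML (for instance with `wevtutil qe Microsoft-Windows-Sysmon/Operational /f:xml` or `(Get-WinEvent ...).ToXml()`) and wrapped in a single `<Events>` root. The host names, user names, hashes and IP addresses in the sample are constructed.

```python
"""Turn exported Sysmon events into a process/hash table (Event ID 1) and a
network-connection table (Event ID 3), ready for CSV export or a hash lookup."""
import csv
import io
import xml.etree.ElementTree as ET

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}

# Constructed sample: three Sysmon events (two process creations on two hosts
# sharing the same binary, one outbound TCP connection). All values are made up.
SAMPLE_EVENTS = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID><Computer>srv01.example.local</Computer></System>
  <EventData>
    <Data Name="UtcTime">2019-08-08 10:00:00.000</Data>
    <Data Name="ProcessId">4321</Data>
    <Data Name="Image">C:\Windows\System32\cmd.exe</Data>
    <Data Name="User">EXAMPLE\alice</Data>
    <Data Name="Hashes">SHA256=0F1E2D3C4B5A69788796A5B4C3D2E1F00F1E2D3C4B5A69788796A5B4C3D2E1F0,MD5=00112233445566778899AABBCCDDEEFF</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID><Computer>srv02.example.local</Computer></System>
  <EventData>
    <Data Name="UtcTime">2019-08-08 10:00:05.000</Data>
    <Data Name="ProcessId">800</Data>
    <Data Name="Image">C:\Windows\System32\cmd.exe</Data>
    <Data Name="User">EXAMPLE\bob</Data>
    <Data Name="Hashes">SHA256=0F1E2D3C4B5A69788796A5B4C3D2E1F00F1E2D3C4B5A69788796A5B4C3D2E1F0,MD5=00112233445566778899AABBCCDDEEFF</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>3</EventID><Computer>srv01.example.local</Computer></System>
  <EventData>
    <Data Name="UtcTime">2019-08-08 10:00:07.000</Data>
    <Data Name="ProcessId">4321</Data>
    <Data Name="Image">C:\Windows\System32\cmd.exe</Data>
    <Data Name="User">EXAMPLE\alice</Data>
    <Data Name="Protocol">tcp</Data>
    <Data Name="DestinationIp">203.0.113.10</Data>
    <Data Name="DestinationPort">443</Data>
    <Data Name="DestinationHostname">-</Data>
  </EventData>
</Event>
</Events>"""


def parse_events(xml_text):
    """Yield (event_id, computer, {DataName: value}) for every Sysmon event."""
    root = ET.fromstring(xml_text)
    for ev in root.iter("{%s}Event" % EVT_NS):
        system = ev.find("e:System", NS)
        event_id = int(system.findtext("e:EventID", namespaces=NS))
        computer = system.findtext("e:Computer", default="", namespaces=NS)
        data = {d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)}
        yield event_id, computer, data


def parse_hashes(field):
    """'SHA256=AB..,MD5=CD..' -> {'SHA256': 'ab..', 'MD5': 'cd..'}.
    Entries without '=' are ignored, so a missing or odd Hashes field is harmless."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, _, value = part.partition("=")
            out[algo.strip().upper()] = value.strip().lower()
    return out


def process_rows(xml_text):
    """One row per process creation (Event ID 1) with its SHA256/MD5 split out."""
    rows = []
    for event_id, computer, d in parse_events(xml_text):
        if event_id != 1:
            continue
        h = parse_hashes(d.get("Hashes", ""))
        rows.append({"computer": computer, "time": d.get("UtcTime", ""),
                     "pid": d.get("ProcessId", ""), "image": d.get("Image", ""),
                     "user": d.get("User", ""), "sha256": h.get("SHA256", ""),
                     "md5": h.get("MD5", "")})
    return rows


def network_rows(xml_text):
    """One row per network connection (Event ID 3): which process talked to which IP."""
    rows = []
    for event_id, computer, d in parse_events(xml_text):
        if event_id != 3:
            continue
        rows.append({"computer": computer, "time": d.get("UtcTime", ""),
                     "pid": d.get("ProcessId", ""), "image": d.get("Image", ""),
                     "user": d.get("User", ""), "proto": d.get("Protocol", ""),
                     "dest_ip": d.get("DestinationIp", ""),
                     "dest_port": d.get("DestinationPort", ""),
                     "dest_host": d.get("DestinationHostname", "")})
    return rows


def unique_hashes(rows):
    """Distinct SHA256 values across all hosts, so each binary is looked up once."""
    return sorted({r["sha256"] for r in rows if r["sha256"]})


def to_csv(rows):
    """Render rows as CSV text for a spreadsheet; empty input gives empty output."""
    buf = io.StringIO()
    if rows:
        writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()))
        writer.writeheader()
        writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(process_rows(SAMPLE_EVENTS)))
    print(to_csv(network_rows(SAMPLE_EVENTS)))
    print("hashes to look up:", unique_hashes(process_rows(SAMPLE_EVENTS)))
```

Deduplicating hashes before any external lookup matters in a large estate: the same `cmd.exe` seen on thousands of hosts should cost one query, not thousands, and the per-host rows still let you spot a binary whose hash differs on a single server.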
The resources from the session
Download the tools and slides HERE. (Password: CQUREAcademy#123!)