Free Workshop: Threat Detection and Hunting with PurpleLabs #2
The first workshop of the PurpleLabs series generated a great deal of interest in the scope of detection and threat hunting!
We need to keep learning how adversaries are operating, so after a good introduction to the subject, it’s time for the next step.
During hands-on session #2, Leszek is going to demonstrate how to create and simulate chain attack steps:
- Rundll32 communicating with public IP addresses
- CMSTP Execution
- Mshta executing VBScript
- Disabling Windows Defender / modifying Windows Firewall
- Suspicious non-browser attempts to access suspicious URL
- Suspicious scheduled task creation
- Powershell execution with IP arguments
- Malicious Named Pipe
- Suspicious Linux Reverse Shell Command Line
- Linux kernel space rootkit
- and more
Watch it here: