Defensive Go back to all


Free Workshop: Threat Detection and Hunting with PurpleLabs #2

- By Leszek Miś

The first workshop of the PurpleLabs series generated a great deal of interest in the scope of detection and threat hunting!
We need to keep learning how adversaries are operating, so after a good introduction to the subject, it’s time for the next step.

During hands-on session #2, Leszek is going to demonstrate how to create and simulate chain attack steps:

  • Rundll32 communicating with public IP addresses
  • CMSTP Execution
  • Mshta executing VBScript
  • Disabling Windows Defender / modifying Windows Firewall
  • Suspicious non-browser attempts to access suspicious URL
  • Suspicious scheduled task creation
  • Powershell execution with IP arguments
  • Malicious Named Pipe
  • Suspicious Linux Reverse Shell Command Line
  • Linux kernel space rootkit
  • and more

Watch it here: