OS Analysis with HELK

Aaron Rosenmund

29:39

  • os-analysis-helk.zip
  • 1. Course Overview.mp4
    01:46
  • 1. What Is a HELK Anyway .mp4
    05:55
  • 2. Getting Started with HELK.mp4
    02:38
  • 3. Collecting Windows Log Data Sources.mp4
    03:07
  • 4. Hunting with Apache Spark and Graphframes.mp4
    09:11
  • 5. Investigating Anomalous Activity and Adversary Techniques.mp4
    05:04
  • 1. Learning to Hunt Better.mp4
    01:58
  • Description


    HELK adds machine learning and graph analysis, capabilities not found in other tools, to world-class Windows log collection and analysis across your enterprise, for free. In this course, you will learn to hunt adversary activity on endpoints using HELK.

    What You'll Learn


      Though many cyber attack techniques can be identified effectively and heuristically by analyzing endpoint logs, there are surprisingly few capabilities that focus solely on parsing Windows logs and OS data and providing a platform for advanced statistical analysis. In this course, OS Analysis with HELK, you'll learn how to use Hunt ELK to detect adversary endpoint attack techniques in an enterprise environment. First, you'll see the gap that HELK fills in Windows event log analysis. Next, you'll explore how to operate the advanced hunt features HELK provides. Finally, you'll learn how to analyze a live dataset to hunt for adversary activity. When you're finished with this course, you'll have the skills and knowledge to use HELK to detect these techniques: Kerberoasting (T1208), BITS Jobs (T1197), and Indicator Removal on Host (T1070).


    Aaron Rosenmund
    Aaron M. Rosenmund is a cyber security operations subject matter expert with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operations platform projects and continues to create tools and content to benefit the community. As an educator and cyber security researcher at Pluralsight, he is focused on advancing the cyber security workforce and technologies for business and national enterprises alike. In support of the Air National Guard, he contributes those skills part time in various initiatives to defend the nation in cyberspace. Certifications: GIAC GCIA, GIAC GCED, CCNA Cyber Operations, Pentest+, CySA+, CASP. www.AaronRosenmund.com @arosenmund "ironcat"
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 7
    • Duration: 29:39
    • Level: average
    • English subtitles: yes
    • Release date: 2023/04/24