
OS Analysis with OSSEC 3

Michael Edie

24:43

96 View
  • os-analysis-ossec.zip
  • 1. Course Overview.mp4
    01:06
  • 1. Detect User Account Creation.mp4
    02:37
  • 2. Demo_ Detect User Account Creation in Windows.mp4
    04:09
  • 3. Demo_ Detect User Account Creation in Linux.mp4
    02:44
  • 4. Detect Authentication Bypass Using Accessibility Features.mp4
    01:43
  • 5. Demo_ Detect Authentication Bypass Using Accessibility Features.mp4
    06:20
  • 6. Detect Persistence Using Scheduled Tasks.mp4
    02:19
  • 7. Demo_ Detect Persistence Using Scheduled Tasks.mp4
    02:39
  • 1. OSSEC Resources.mp4
    01:06
  • Description


    OSSEC is an open-source Host Intrusion Detection System (HIDS). In this course, you will learn OS analysis using OSSEC.

    What You'll Learn?


      Cyber criminals often use native tools and functions of an operating system to carry out their attacks. In this course, OS Analysis with OSSEC 3, you’ll learn how to use OSSEC to detect authentication bypass and persistence techniques in an enterprise environment. First, you’ll learn how to detect rogue user account creation. Next, you’ll discover how accessibility features can be used for authentication bypass. Finally, you’ll analyze OSSEC logs to identify persistence using Windows scheduled tasks. When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques using OSSEC: Create Account: Local Account (T1136.001), Event Triggered Execution: Accessibility Features (T1546.008), and Scheduled Task/Job: Scheduled Task (T1053.005).


    Michael Edie, aka “the mechanic,” is a 23-year US Army Veteran and Information Security Engineer. He currently serves as a Technical Lead in a Cyber Operations Organization and President of the Augusta Information Systems Security Association (ISSA) chapter. Previously, he has served on Digital Forensics and Incident Response (DFIR), threat hunt, and compliance inspection teams. Michael is passionate about Information Security and enjoys contributing to the community through his blog at https://blog.edie.io and projects at https://github.com/tankmek. He is the Executive Director and Co-Founder of smashthestack.org, a software vulnerability and exploitation educational platform. Additionally, Michael has volunteered to speak at local nonprofits such as the Cyber Discovery Group (CDG) and NERD Nights. Outside the technical domain, he enjoys spending time with his wife and kids, motorcycling, cryptocurrency, and chess.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 9
    • Duration: 24:43
    • Level: average
    • English subtitles: yes
    • Release date: 2023/02/27
