
OS Analysis with Wazuh 4


Zach Roof

36:58

  • os-analysis-wazuh.zip
  • 1. Course Overview.mp4
    01:13
  • 1. What Is Wazuh .mp4
    05:01
  • 2. Cybersecurity Frameworks.mp4
    02:49
  • 3. Simulation Environment Overview.mp4
    02:16
  • 4. Simulation Environment Installation.mp4
    01:50
  • 5. Merlin Foothold.mp4
    04:25
  • 6. Foothold Alerts.mp4
    04:09
  • 7. FIM and Netstat Configuration.mp4
    01:44
  • 8. Rule Syntax.mp4
    02:05
  • 9. Custom FIM Rule.mp4
    02:59
  • 10. Provoking FIM Active Response.mp4
    01:48
  • 11. Escalation Rule.mp4
    04:10
  • 1. Next Steps.mp4
    02:29
Description


    Want to learn how to detect process-level and file-level attacks? How about automatically blocking data exfiltration over a C2 channel? If so, you're in the right place! In this course you will learn OS Analysis using Wazuh.

What You'll Learn


Detecting process-level and file-level attacks can be challenging. Additionally, many tools are "alert factories" that lack the ability to remediate in-progress attacks. Luckily, Wazuh solves these problems! In this course, OS Analysis with Wazuh, you'll learn how to use Wazuh to respond to data exfiltration in an enterprise environment. First, you'll create a rule to detect malicious filesystem operations. Next, you'll uncover a rootkit through Wazuh by using a Python script. Finally, you'll leverage Wazuh's Active Response functionality to automatically quarantine the host (and prevent it from exfiltrating data). In this course, you will simulate all attacks through Merlin (a popular C2 framework) so we can emulate real-world scenarios! (No prior Merlin experience is needed.) When you're finished with this course, you'll have the skills and knowledge to detect these techniques: Scheduled Task/Job (T1053), Hijack Execution Flow (T1574), and Exfiltration Over C2 Channel (T1041).



    Zach describes himself as “an ordinary guy who’s extraordinarily curious about technology.” This curiosity has led to roles in Software Development, Application Security, DevOps, and Security Engineering. Currently, Zach is the Lead Security Engineer at Credible where he helps lead the security vision of a highly sensitive Fintech product. Outside of his day job, Zach has spoken at SyntaxCon, created cybersecurity tutorials through Securing The Stack, led an AWS Meetup group, and has provided cybersecurity consulting services. When not hitting the keyboard, Zach is hitting the trails! He is an avid hiker and enjoys the simplicity of nature. In fact, Zach’s favorite quote is “Simplicity is the ultimate sophistication” by Leonardo Da Vinci. Zach’s fondness of simplicity has manifested in his tutorials, where he aims to simplify complex topics in the areas of Software Development, DevOps, and Security.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 13
    • Duration: 36:58
    • Level: average
    • English subtitles: yes
    • Release date: 2023/04/24