Session 2 Resources

2 Mar 2021

Great interaction again on today's session - thanks for joining in! I loved having a proper look at how code can be executed on your network and devices, and what Sophos EDR can do to help you threat hunt. We'll see more of that power in the remaining sessions.

Here's a few of the resources that Ashek mentioned and used - let me know in the comments below if you want anything further.

Generic Search query: https://community.sophos.com/intercept-x-endpoint/i/anomalies/generic-search
Cyberchef: https://gchq.github.io/CyberChef/
And also, here's a great SANS poster with lots of stuff to hunt for: https://share.ialab.dsu.edu/CRRC/Incident%20Response/Supplementary%20Material/SANS_Poster_2018_Hunt_Evil_FINAL.pdf

See you all again tomorrow!

Parents

Alexandre Rastello over 3 years ago

After your great session, I've tried to hunt on my local network with KALI (Shellter and Kiwi) on two W10's, one with the Sophos Endpoint Advanced X (EDR) and one without. The Threat Analisys Center is a wonderful tool. I can discover all the behaviors with my attack. Without the Endpoint, all was silent, no alarms, nothing. Fully hacked the W10 of my colleague . Now, I can demonstrate to my customers why they "must" buy EDR protection. Thank you for your sessions!

Alexandre Rastello - IT senior consultant - Sophos Architect
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Comment

Alexandre Rastello over 3 years ago

After your great session, I've tried to hunt on my local network with KALI (Shellter and Kiwi) on two W10's, one with the Sophos Endpoint Advanced X (EDR) and one without. The Threat Analisys Center is a wonderful tool. I can discover all the behaviors with my attack. Without the Endpoint, all was silent, no alarms, nothing. Fully hacked the W10 of my colleague . Now, I can demonstrate to my customers why they "must" buy EDR protection. Thank you for your sessions!

Alexandre Rastello - IT senior consultant - Sophos Architect
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Children

No Data