OS Analysis with Wazuh 4
|
Want to learn how to detect process-level and file-level attacks? How about automatically blocking data exfiltration over a C2 channel? If so, you’re in the right place! In this course you will learn OS Analysis using Wazuh.
Detecting process-level and file-level attacks can be challenging. Additionally, many tools are “alert factories” that don’t have the ability to remediate in-progress attacks. Luckily, Wazuh solves these problems! In this course, OS Analysis with Wazuh, you’ll cover how to utilize Wazuh to respond to data exfiltration in an enterprise environment. First, you’ll create a rule to detect malicious filesystem operations. Next, you’ll uncover a rootkit through Wazuh by using a Python script. Finally, you’ll leverage Wazuh’s Active Response functionality to automatically quarantine the host (and prevent it from exfiltrating data). In this course, you will simulate all attacks through Merlin (a popular C2 service) so we can emulate real-world scenarios! (No prior Merlin experience is needed). When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques: Scheduled Task/Job (T1053), Hijack Execution Flow (T1574), and Exfiltration Over C2 Channel (T1041).
Author Name: Zach Roof
Author Description:
Zach describes himself as “an ordinary guy who’s extraordinarily curious about technology.” This curiosity has led to roles in Software Development, Application Security, DevOps, and Security Engineering. Currently, Zach is the Lead Security Engineer at Credible where he helps lead the security vision of a highly sensitive Fintech product. Outside of his day job, Zach has spoken at SyntaxCon, created cybersecurity tutorials through Securing The Stack, led an AWS Meetup group, and has provided cy… more
Table of Contents
- Course Overview
1min - Detecting Process-level and File-level Attacks with Wazuh
33mins - Resources
2mins
User Reviews
Be the first to review “OS Analysis with Wazuh 4”
Related Products
Microsoft Purview: Mitigating Insider Risks in Microsoft 365
Learn to mitigate insider risks in Microsoft 365 and create barriers to safeguard sensitive information, plan and enforce risk policies, investigate activities, and use advanced analytics for risk assessment.
Salesforce Shield – Data Monitoring and Data Encryption
With Shield, Salesforce has provided a robust feature set that secures the platform. This course will teach you when it’s appropriate to use Shield encryption and how to enable, setup, and configure the platform.
Data Security Champion: Secure Data Storage
Enhance your data skills with security insights. This course will teach you to integrate key data security practices into your role.
PCI DSS: Restricting Access to Cardholder Data
Requirements 7, 8 & 9 of PCI DSS version 3.2.1 are to Implement Strong Access Control Measures for logical and physical cardholder data. You'll understand what each requirement asks for and discover practical guidance from experienced PCI assessors.
Securing SQL Server Applications
Dive deep into SQL Server application security! Learn vital techniques to protect data, detect vulnerabilities, and implement robust security practices to safeguard your applications.
Data Security Champion: Secure Transfer Protocols
Learn to protect data integrity. This course will teach you about secure data transfer protocols.
There are no reviews yet.