AmherstSec (@amherstsec) was kind enough to have me speak at the July 10, 2019 meetup. The talk was introductory in nature, but I wanted a place to list additional resources for anyone looking to learn a bit more.
- Slides are available here
- Security Onion homepage
- Wazuh – host monitoring
- Zeek (Bro) – network analysis – not discussed in this presentation, but a very powerful tool that is included in Security Onion
- SwiftOnSecurity Sysmon Config
- Caldera by MITRE – attack simulation
- Malware Archaeology Cheat Sheets – Windows audit policies and logging
- [PDF] Attackers Inside the Walls: Detecting Malicious Activity – SANS Institute Information Security Reading Room
- [Webinar] Detecting Malicious Activity on a Budget – SANS Technology Institute