SANS Fellow, lead author of The CISSP Study Guide, CTO of Backshore Communications, GIAC GSE #13.
Website: https://ericconrad.com
Twitter: https://twitter.com/eric_conrad

My Detecting Command and Control Frameworks via Sysmon and Windows Event Logging webcast just posted.

https://www.youtube.com/watch?v=x7xXEyTWgrs&list=PLs4eo9Tja8bj3__-glm8g0Bamd5kYm1SU

Here's the abstract: Prevention eventually fails. Bypassing tools such as Windows Defender Antivirus may be challenging, but it can be done. What then? What's left? Command and control (C2) frameworks such as Cobalt Strike, Sliver, and Metasploit typically leave telltale signs of their presence. This talk will largely be demo-based, showing how to analyze Windows event logs (including Sysmon logs) to hunt for traces left behind by modern C2 frameworks.

If there are any fellow #sabr #baseball nerds on here who are interested in contributing to a 2005 #WhiteSox book that @conrad and I are co-editing, let me know. We have several players that need biographies written, as well as several games that need to be written up.

@fpieces @ian_infosec @ajohnsocyber @khaxan @bjsplash @RichLang @zarchasmpgmr @markmorow

Today I (tried to) archive Jim's tweets on archive.org. I don't know if it will work due to the state of Twitter's paid API bullshit. I'll let you know when I find out.

https://web.archive.org/save

In the meantime, please screenshot what you can.

You may want to consider adding other loved ones' posts to archive.org as well.

@Nerdpyle @carmencr @fpieces @ian_infosec @ajohnsocyber @khaxan @bjsplash @RichLang @zarchasmpgmr @Sqlcheesecake @blemley @markmorow

Sorry to bring up a sad subject. The edgelord is deleting inactive accounts, including those of deceased people.

https://mashable.com/article/twitter-purge-inactive-accounts-deceased-user-concerns

Elon Musk says Twitter will start 'purging' dormant accounts

Twitter users, even Musk fans, plead with him to not remove accounts belonging to deceased users.


RIP Peter Good, designer of the Hartford Whalers logo. He was a great inspiration to me. Designers everywhere will mourn this loss.

https://uni-watch.com/2023/05/03/peter-good-who-designed-the-hartford-whalers-logo-has-died/

Peter Good, Who Designed the Hartford Whalers’ Logo, Has Died

He leaves behind one of the most beloved logos in sports history.

Visited another ancient city in Kazakhstan. It cost a little under 50 cents to enter the sprawling and beautifully restored archaeological complex which brought 14th century history to life. I almost had the place to myself, on a perfect sunny day.

Train Lines & Curves - Caledonian Road

I'm definitely biased, but I find the tiling, patterns, colours & decorations at London Underground stations quite beautiful. Caledonian Road is a great example of this; I always enjoy taking photographs here!

#streetphotography #streetphoto #railway #photography #photographer #london #mastoart #art #underground #londonunderground #potd #tiling #railway

Hi Maine-based friends,

Just realized I didn't post about my talk! I'll be talking about attack emulation and building your own testing environment in Damariscotta on 4/20. Take a peek at dc207.org and look for the talk "Nuclear Testing" - that's me! Excited to see you all there, bring your questions!

#maine #dc207 #infosec #netsec #security #atomicredteam #attack

Semi-random photo #25. I spotted this walking home from my office today.

Here's the backstory: https://www.pressherald.com/2023/04/07/police-chief-to-update-portland-council-on-response-to-neo-nazi-march/

District attorney: Police mishandled neo-Nazi rally that led to fight

In a memo to the council Friday, the chief said officers were unable to take enforcement action due to the circumstances surrounding a fight that broke out. But the district attorney said charges were possible and the response fell short.


I'm testing Sysmon 14.15, including FileBlockShredding.

https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon

It works well against Sysinternals' sdelete.

But: it does not prevent Metasploit's sdel post module from doing the same thing.
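To reproduce the kind of test described in the post above, here is an added example (not the author's code, and not from the Sysmon project) that enables the FileBlockShredding rule in a Sysmon configuration, installs or updates Sysmon with it, and then pulls the resulting Event ID 28 records from the Sysmon operational log. It assumes an elevated PowerShell session with Sysmon64.exe on the PATH; the schemaversion value is an assumption and should be replaced with whatever `sysmon64 -s` prints for the installed build, and the event field names (Image, TargetFilename, IsExecutable, Hashes) can be confirmed against the same schema dump.

```powershell
# Added example: enable FileBlockShredding and review the Event ID 28 records.
# Assumes an elevated session, Sysmon64.exe on PATH, and that the schemaversion
# below matches the installed build (check with: sysmon64 -s). Constructed for
# illustration; not the post author's or Sysinternals' configuration.

$configPath = Join-Path $env:TEMP 'sysmon-shred.xml'

$config = @'
<Sysmon schemaversion="4.83">
  <!-- schemaversion is an assumption; use the value printed by "sysmon64 -s" -->
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <!-- onmatch="exclude" with no child rules: block and log every shred attempt -->
      <FileBlockShredding onmatch="exclude" />
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@
Set-Content -Path $configPath -Value $config -Encoding ASCII

# Push the config to an existing install, or do a fresh install if Sysmon is absent
if (Get-Service -Name 'Sysmon64' -ErrorAction SilentlyContinue) {
    sysmon64 -c $configPath
} else {
    sysmon64 -accepteula -i $configPath
}

# Collect FileBlockShredding events (ID 28) from the last hour and flatten the
# EventData fields so the blocked image and target file are easy to read.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 28
    StartTime = (Get-Date).AddHours(-1)
} -ErrorAction SilentlyContinue |
ForEach-Object {
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time         = $_.TimeCreated
        Image        = $data['Image']          # process that attempted the shred
        Target       = $data['TargetFilename'] # file it tried to overwrite
        IsExecutable = $data['IsExecutable']
        Hashes       = $data['Hashes']
    }
} | Format-Table -AutoSize
```

Run the block, then exercise the system as in the post (for example with Sysinternals' sdelete against a scratch file) and re-run the final query: a tool that Sysmon intercepts shows up as an Event ID 28 row, while an overwrite that completes with no corresponding row is exactly the gap the post reports, so the absence of events is itself the finding worth recording when comparing tools.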