SANS Fellow, lead author of The CISSP Study Guide, CTO of Backshore Communications, GIAC GSE #13.
Website: https://ericconrad.com
Twitter: https://twitter.com/eric_conrad

My "Detecting Command and Control Frameworks via Sysmon and Windows Event Logging" webcast just posted.

https://www.youtube.com/watch?v=x7xXEyTWgrs&list=PLs4eo9Tja8bj3__-glm8g0Bamd5kYm1SU

Here's the abstract: Prevention eventually fails. Bypassing tools such as Windows Defender Antivirus may be challenging, but it can be done. What then? What's left? Command and control (C2) frameworks such as Cobalt Strike, Sliver, and Metasploit typically leave telltale signs of their presence. This talk will largely be demo-based, showing how to analyze Windows event logs (including Sysmon logs) to hunt for traces left behind by modern C2 frameworks.

If there are any fellow #sabr #baseball nerds on here interested in contributing to a 2005 #WhiteSox book that @conrad and I are co-editing, let me know. We've got several players that need biographies written, as well as several games that need to be written up.

@markmorow @Nerdpyle @carmencr @fpieces @ian_infosec @ajohnsocyber @khaxan @bjsplash @RichLang @zarchasmpgmr @Sqlcheesecake @blemley

My vote is yes. We can share invites with anyone in our group who's not over there yet

I check BlueSky a lot more than Mastodon

@Sqlcheesecake @markmorow @Nerdpyle @carmencr @fpieces @ian_infosec @ajohnsocyber @khaxan @bjsplash @RichLang @zarchasmpgmr @blemley

Your answer implies that the card author can write a coherent question

@zarchasmpgmr @markmorow @Nerdpyle @carmencr @fpieces @ian_infosec @ajohnsocyber @khaxan @bjsplash @RichLang @Sqlcheesecake @blemley

I just got an invite today (@econrad.bsky.social). So far I've spotted @khaxan, @carmencr, and @Nerdpyle over there. I may be missing some folks.