Threat Hunting with Windows Event Forwarding
Course Content
In this course we will learn about Windows Event Forwarding. Not many people are aware of it and take advantage of this built-in native tool. Windows Event Forwarding (WEF) is a way you can get any or all event logs from Windows computers and collect them on one or more Windows Event Collector (WEC) servers.
We will provide a framework for detecting current Active Directory attack methods used by red teams for penetration testing including Lateral Movement and best practices from across the globe. The default configuration of windows does not track events required for investigation of incidents. In this course, we will provide configurations to allow you to setup verbose logging to detect suspicious events.
Prerequisites:
Understand and configure Active Directory Group Policies. Need to be familiar with Windows event logs. Need one or more Windows servers for event collection.Course Goals:
By the end of the course, students should be able to:Instructed by
My whole life, I’ve had a strong reverence for and connection with nature. It makes me feel alive and reminds me of the purpose of life. This relationship with the earth led me to hone my photography skills, so that I could better capture the beauty around us that moves me on a daily basis. After having my twins, a beautiful son and adorable daughter who are now seven, this passion became even stronger. My children prefer to be outdoors rather than inside, and this is my deepest and most ongoing source of inspiration.
My amazingly supportive wife and I also take a philanthropic stance when it comes to our children — for their birthday, we request donations to a local food bank instead of gifts. This is a reflection on the concept of Seva, which means “selfless service.” It’s part of our Sikh faith, which guides us as we seek to honor nature and others. In addition to photography and art, I also work as a cyber security expert and help people protect themselves from cyber criminals.
