Expanded Library

OS Analysis with OSSEC 3

by Michael Edie

OSSEC is an opensource Host Intrusion Detection System (HIDS). In this course, you will learn OS Analysis using OSSEC.

What you'll learn

Cyber criminals often use native tools and functions of an operating system in order to perpetrate their attacks. In this course, OS Analysis with OSSEC 3, you’ll learn how to utilize OSSEC to detect authentication bypass and persistence techniques in an enterprise environment. First, you’ll learn how to detect rogue user account creation. Next, you’ll discover how accessibility features can be used for authentication bypass. Finally, you’ll analyze OSSEC logs to identify persistence using Windows scheduled tasks. When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques: Create Account: Local Account T1136.001, Event Triggered Execution: Accessibility Features T1546.008, Schedule Task/Job: Scheduled Task T1053.005 using OSSEC.

About the author

Michael Edie, aka “the mechanic,” is a 23-year US Army Veteran and Information Security Engineer. He currently serves as a Technical Lead in a Cyber Operations Organization and President of the Augusta Information Systems Security Association (ISSA) chapter. Previously, he has served on Digital Forensics and Incident Response (DFIR), threat hunt, and compliance inspection teams. Michael is passionate about Information Security and enjoys contributing to the community through his blog at https://... more

Ready to upskill? Get started