OS Analysis with OSSEC 3
OSSEC is an opensource Host Intrusion Detection System (HIDS). In this course, you will learn OS Analysis using OSSEC.
What you'll learn
Cyber criminals often use native tools and functions of an operating system in order to perpetrate their attacks. In this course, OS Analysis with OSSEC 3, you’ll learn how to utilize OSSEC to detect authentication bypass and persistence techniques in an enterprise environment. First, you’ll learn how to detect rogue user account creation. Next, you’ll discover how accessibility features can be used for authentication bypass. Finally, you’ll analyze OSSEC logs to identify persistence using Windows scheduled tasks. When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques: Create Account: Local Account T1136.001, Event Triggered Execution: Accessibility Features T1546.008, Schedule Task/Job: Scheduled Task T1053.005 using OSSEC.
Table of contents
- Version Check 0m
- Detect User Account Creation 3m
- Demo: Detect User Account Creation in Windows 4m
- Demo: Detect User Account Creation in Linux 3m
- Detect Authentication Bypass Using Accessibility Features 2m
- Demo: Detect Authentication Bypass Using Accessibility Features 6m
- Detect Persistence Using Scheduled Tasks 2m
- Demo: Detect Persistence Using Scheduled Tasks 3m
About the author
Michael is a results-oriented and agile Senior Security Engineer with 10+ years of experience in the public and private sectors. He is a proactive and iterative cyber threat hunter specializing in detection engineering, DFIR, and automation. Michael has led teams and directed collaborative efforts to develop and implement strategies for mitigating evolving threat trends. He is the Founder and Principal Consultant of Sawbox Consulting, where he identifies and resolves security issues, implements ... more