Sep 1, 2018
We are back with a new episode this week! We got over our solutions for some of the #derbyCon ticket #CTF challenges and include links to some of the challenges. We talk about Windows Event Forwarder, and all log forwarders seem to losing events!
Thanks to our Patrons!
Gonna be at Derbycon, come see us!
Congrats to our Derbycon Ticket CTF winners!
2nd Place: @ohai_ninja
3rd Place: @SoDakHib
Mr. Boettcher’s Challenge (SuperCrypto): https://drive.google.com/open?id=1657hBxRbacJRw0svG1nwzZImON3QFn1t
Mr. Brake’s Challenge: https://drive.google.com/open?id=1gwGkLjWEZ42NlWiw2Eg8IQnnQAxua7B8
Update on Mental Health GoFundMe: http://www.derbycon.com/wellness
Thanks to the #Derbycon organizers for their time and patience on answering the questions posed.
Missing event issues:
Some issues with missing events…
Everyone is affected by this!
WEF & PowerBI is good for small installations.
Any GPOs involved?
Can it be done on a server by server basis?
Can an attacker simply disable the service once initial access is achieved?
Pros and Cons of feeding the WEF output to a MapReduce system?
Not sure if they've used it, but WEF vs. winlogbeat vs. NxLog?
Need a config? Get some examples here for nxlog, winlogbeat, filebeat, Windows Logging Service and other stuff...
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email email@example.com
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
Comments, Questions, Feedback: firstname.lastname@example.org
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec