Monitoring Sensitive Windows Commands via CanaryTokens - Deploying Registry Entries via Group Policy

Name: Monitoring Sensitive Windows Commands via CanaryTokens - Deploying Registry Entries via Group Policy
Uploaded: 2022-09-12T12:57:57Z
Channel: IppSec
Description: 00:00 - Intro, you should be using centralized logging for this. But if not this hackjob will do 01:18 - Talking about the Sensitve Command Token 02:00 ...

IppSec · Beginner ·🔐 Cybersecurity ·3y ago

00:00 - Intro, you should be using centralized logging for this. But if not this hackjob will do 01:18 - Talking about the Sensitve Command Token 02:00 - Examining how this all works, creates three registry keys for Image File Execution Options and SilentProcessExit 03:50 - Talking about the "So much offense in my defense" phrase. Really loved it, showing a blog about using this technique as a persistence 04:50 - Showing the token works and what the email looked like 05:30 - Ranting more about "so much offense in my defense" and why blue teamers should learn red team techniques 08:20 - Creati…

Watch on YouTube ↗ (saves to browser)

Chapters (10)

Intro, you should be using centralized logging for this. But if not this hackj

1:18 Talking about the Sensitve Command Token

2:00 Examining how this all works, creates three registry keys for Image File Execu

3:50 Talking about the "So much offense in my defense" phrase. Really loved it, sho

4:50 Showing the token works and what the email looked like

5:30 Ranting more about "so much offense in my defense" and why blue teamers should

8:20 Creating a new token so we can deploy this one via Active Directories Group Po

9:00 Opening GPMC and creating a registry entry

11:00 Running gpupdate /force to show the group policy created the registry keys

13:00 Attempting to get the arguments of our process but failing. Never get this par

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →