Event Log Chainsaw Massacre - Powerful Threat Detection
- Published: 30 Jul 2024
- In this episode, we'll look at Chainsaw, a powerful new tool that can help us parse Windows Event Logs. Chainsaw provides both searching and hunting capabilities, and even includes built-in detection rules to find anomalous behavior, along with the ability to load Sigma rules for even more advanced detection.
** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. **
📖 Chapters
00:00 - Intro
01:26 - Chainsaw Searching
09:27 - Chainsaw Hunting
16:24 - Recap
🛠 Resources
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
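To make the distinction between "searching" and "hunting" concrete, here is an added example (not Chainsaw's own code, and not from the video) that models both operations in plain Python over a handful of constructed Windows event records. `search` is a case-insensitive string match across every field of every record, optionally narrowed by Event ID, which is what a keyword search does. `hunt` evaluates Sigma-style rules: each selection is a set of ANDed field tests (with `contains`/`startswith`/`endswith` modifiers, and a list of values meaning OR), and a flat condition such as `selection and not filter` combines them. Chainsaw resolves Sigma field names to EVTX paths through a mapping file; `FIELD_MAP` is a simplified stand-in for that. The events, the rules and the helper names are all assumptions made for this example.

```python
"""Chainsaw-style 'search' and 'hunt' over Windows event records, modelled in
plain Python.  Added example, not Chainsaw's own code: the event records,
field mapping and Sigma-style rules below are constructed for illustration.
Only the standard library is used, so it runs offline."""
import base64

# --- Constructed sample events (not real telemetry). ----------------------
# Nested keys mirror the System/EventData layout of EVTX records.
_SAMPLE_SCRIPT = "Write-Host 'constructed sample payload'"
ENCODED = base64.b64encode(_SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")

EVENTS = [
    {"System": {"EventID": 4688, "Provider": "Microsoft-Windows-Security-Auditing", "Computer": "WS01"},
     "EventData": {"NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                   "CommandLine": f"powershell.exe -nop -w hidden -enc {ENCODED}",
                   "SubjectUserName": "alice"}},
    {"System": {"EventID": 4688, "Provider": "Microsoft-Windows-Security-Auditing", "Computer": "WS01"},
     "EventData": {"NewProcessName": r"C:\Windows\System32\notepad.exe",
                   "CommandLine": "notepad.exe report.txt", "SubjectUserName": "alice"}},
    {"System": {"EventID": 4104, "Provider": "Microsoft-Windows-PowerShell", "Computer": "WS01"},
     "EventData": {"ScriptBlockText": "Invoke-Mimikatz"}},
    {"System": {"EventID": 4624, "Provider": "Microsoft-Windows-Security-Auditing", "Computer": "WS01"},
     "EventData": {"TargetUserName": "alice", "LogonType": "2"}},
    {"System": {"EventID": 4624, "Provider": "Microsoft-Windows-Security-Auditing", "Computer": "WS01"},
     "EventData": {"TargetUserName": "WS01$", "LogonType": "2"}},
]

# Simplified stand-in for Chainsaw's Sigma field mapping: Sigma name -> EVTX path.
FIELD_MAP = {
    "EventID": "System.EventID", "Image": "EventData.NewProcessName",
    "CommandLine": "EventData.CommandLine", "ScriptBlockText": "EventData.ScriptBlockText",
    "LogonType": "EventData.LogonType", "TargetUserName": "EventData.TargetUserName",
}

# Constructed Sigma-style rules (detection block only).
RULES = [
    {"title": "Encoded PowerShell command line",
     "detection": {"selection": {"EventID": 4688, "Image|endswith": "\\powershell.exe",
                                 "CommandLine|contains": ["-enc ", "-encodedcommand "]},
                   "condition": "selection"}},
    {"title": "Mimikatz-related script block",
     "detection": {"selection": {"EventID": 4104, "ScriptBlockText|contains": "mimikatz"},
                   "condition": "selection"}},
    {"title": "Interactive logon by a non-machine account",
     "detection": {"selection": {"EventID": 4624, "LogonType": "2"},
                   "filter": {"TargetUserName|endswith": "$"},   # machine accounts end in '$'
                   "condition": "selection and not filter"}},
]


def _get(event, dotted):
    """Walk a dotted path ('System.EventID') into a nested record; None if absent."""
    cur = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def _match_value(actual, modifier, expected):
    """One field test; comparisons are case-insensitive, as in Sigma."""
    if actual is None:
        return False
    a, e = str(actual).lower(), str(expected).lower()
    if modifier is None:
        return a == e
    return {"contains": e in a, "startswith": a.startswith(e), "endswith": a.endswith(e)}[modifier]


def _match_selection(event, selection, field_map):
    """All keys in a selection are ANDed; a list of values for one key is ORed."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        actual = _get(event, field_map.get(field, field))
        values = expected if isinstance(expected, list) else [expected]
        if not any(_match_value(actual, modifier or None, v) for v in values):
            return False
    return True


def _eval_condition(condition, results):
    """Flat condition such as 'selection and not filter': and/or/not, left to right."""
    value, op, negate = None, None, False
    for tok in condition.split():
        if tok in ("and", "or"):
            op = tok
        elif tok == "not":
            negate = True
        else:
            term = results[tok] != negate      # apply a pending 'not'
            negate = False
            value = term if value is None else (value and term if op == "and" else value or term)
    return bool(value)


def search(events, term, event_id=None):
    """Keyword search: indices of records containing `term` in any field."""
    term = term.lower()

    def walk(v):
        return any(walk(x) for x in v.values()) if isinstance(v, dict) else term in str(v).lower()

    return [i for i, ev in enumerate(events)
            if (event_id is None or _get(ev, "System.EventID") == event_id) and walk(ev)]


def hunt(events, rules, field_map=FIELD_MAP):
    """Rule-based hunt: (rule title, record index, EventID) for every match."""
    hits = []
    for idx, ev in enumerate(events):
        for rule in rules:
            det = rule["detection"]
            results = {n: _match_selection(ev, sel, field_map) for n, sel in det.items() if n != "condition"}
            if _eval_condition(det["condition"], results):
                hits.append((rule["title"], idx, _get(ev, "System.EventID")))
    return hits


def decode_encoded_command(command_line):
    """Triage helper: decode the UTF-16LE base64 argument after '-enc' in a command line."""
    tokens = command_line.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() in ("-enc", "-encodedcommand"):
            return base64.b64decode(tokens[i + 1]).decode("utf-16-le")
    return None


if __name__ == "__main__":
    print("search 'mimikatz':", search(EVENTS, "mimikatz"))
    for title, idx, eid in hunt(EVENTS, RULES):
        print(f"[{eid}] record {idx}: {title}")
    print("decoded:", decode_encoded_command(EVENTS[0]["EventData"]["CommandLine"]))
```

Running it shows why a keyword search and a rule hunt complement each other: `search(EVENTS, "powershell")` also returns the benign 4104 record because its provider name contains the word, while the hunt only flags the encoded-command process creation, the script block that names Mimikatz, and the interactive logon by `alice` (the machine account `WS01$` is dropped by the filter). The `decode_encoded_command` step is what an analyst does next with a hit on the first rule.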
Not sure why this was in my recommended, but it was actually quite interesting. Thanks for showcasing this, subbed!
Awesome 👌 Thank for your time and I will explore more on this.
Awesome! Thanks for sharing the knowledge
Going to have to add this tool to the repertoire
awesome. thnx
Great job on this video.. super professional
Pretty cool.. Nice
Can you also do a preview/walkthrough of the Hayabusa tool by Yamato-Security?
It looks like they are almost the same.
This with Velociraptor is gg
@Lordyzagat Velociraptor IR tool
What happened to the syntax? The commands do not work.
Can you please provide a link to the log database that you used?
Hi, unfortunately that test database has been long since removed.
Does this require Sysmon to be effective?
No, but Sysmon is certainly highly beneficial.
Please share the latest and safest source link to download Chainsaw.
github.com/WithSecureLabs/chainsaw/releases
This seems to be out of date now with their update.
Such is life with RUclips... will consider making an update at some point.
None of these commands work for me. Amazing.
What error do you receive when you try? I need a little more detail if you want to solve the issue.