Windows systems are still king of the desktop and server operating systems, thus the #1 target of hackers, malware, ransomware, and phishing attacks. Hunting for malicious activity is something we all must get better at or the hackers will win; hell, the hackers are already winning. Learning what to look for is hard enough with all the ways Windows can get infected and hide malicious payloads. Worse, there are few tools to help us effectively hunt, short of buying expensive enterprise solutions which many, if not most organizations find hard to afford. Doing it quickly is also difficult and we need to get faster at it.
Michael Gough is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is co-developer of LOG-MD, a free tool that audits the settings, harvests and reports on malicious Windows log data and malicious system artifacts. Michael also ran BSides Texas for five years for the Austin, San Antonio, Dallas and Houston cons. Michael is also blogs on HackerHurricane.com on various InfoSec topics.