In this edition of #TechTalkTuesday we discuss the detection of malicious network share usage with the Windows Event Logs when threat hunting. By understanding what malicious network share activity looks like, you can quickly and easily investigate potential threats.
This video is essential for anyone interested in incident response or threat hunting, as it'll teach you how to identify and investigate potential threats using the Windows Event Logs. We'll discuss the different events related to malicious network share activity, and how to use them to your advantage when threat hunting.
Please like and subscribe to support our channel!
Follow us on Twitter: [ Ссылка ]
Follow us on LinkedIn: [ Ссылка ]
Hire us for your next threat hunt or incident response case: [ Ссылка ]
Chapters:
00:00 - Intro
00:18 - Why Network Share Auditing Matters
02:40 - Using the Windows Event Logs to Detect Malicious Network Share Activity
04:29 - Enabling Network Share Activity Auditing
05:16 - Detecting Malicious Network Share Access Attempts with Windows Event 5140
08:20 - Detecting Malicious Network Share Object Creation with Windows Event 5142
09:23 - Detecting Malicious Network Share Object Modification with Windows Event 5143
10:23 - Detecting Malicious Network Share Object Deletion with Windows Event 5144
11:28 - Detecting Malicious Network Share Validation Failures with Windows Event 5168
12:42 - Detecting Malicious Network Share Access Attempts with Windows Event 5145
15:11 - Wrapping Up
![Futuristic Cities - SCI-FI Designed cities [AI Generated Images] [AI Image Generator]](https://s2.save4k.org/pic/hf-XSeSxdrk/mqdefault.jpg)
