Come on by Blackhat Arsenal Thursday and check out LOG-MD in action with the latest version on how to check, set, and harvest malwarious activity on Windows systems.
LOG-MD
Michael Gough & Brian Boettcher
Palm Foyer, Level 3, Station 8
16:00 - 17:50
Based on the 'Windows Logging Cheat Sheet' LOG-MD audits a Windows system for compliance to the 'Windows Logging Cheat Sheet', CIS, US-GCB and AU-ACSC standards, and if it fails creates a nice report to help you know what to set and then guides you where to set the items needed to pass the audit check. Once properly configured, LOG-MD then harvests security related log data to help you investigate a suspect system.
In addition LOG-MD can perform full file system hashing to create a baseline that can be used to compare against a suspect system. LOG-MD can also baseline the registry and compare a suspect system registry to a known good baseline to find altered settings and even look for LARGE Reg keys where malware is hiding payloads.
Come by Blackhat Arsenal and check us out and maybe get a goody too ;-)