
Using Sysmon to Block Unwanted Files and Send Notifications to Slack via Scheduled Task Event Filter

  • added 18. 08. 2024
  • 00:00 - Intro
    01:10 - Installing Sysmon and the configuration from Neo23x0's Repo
    02:00 - Explaining the file blocked section
    04:00 - Viewing the Sysmon log to confirm it is installed and see its Event ID 27
    05:10 - Creating a Scheduled Task with Event Filter to trigger on Sysmon File Blocked Events
    07:30 - Event did fire; it turns out it is case sensitive
    08:50 - Editing the Scheduled Task event by hand to add ValueQueries which allows arguments to be sent from this Event Filter
    11:30 - Testing the passing of variables by adding them to the message box
    12:50 - Start of creating some PowerShell to send this message to Slack
    16:30 - Having trouble getting arguments into the PowerShell script because of Base64 encoding, so we change up our script
    23:10 - Showing a working copy of the PowerShell script that sends Slack messages
    25:45 - Deploying our scheduled task through Group Policy
    28:50 - Editing the scheduled task XML file from sysvol
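The pieces the chapters above walk through (an event trigger on Sysmon Event ID 27 with ValueQueries, and a PowerShell script that forwards the fields to Slack), as an added example that is not the video's own script. Script name, parameter names and the webhook URL are assumptions; the trigger XML fragment in the comment is what the ValueQueries mapping looks like in the exported task.

```powershell
# Send-SysmonBlockAlert.ps1 (hypothetical name; added example, not the script from the video).
# The task's action runs:
#   powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\Send-SysmonBlockAlert.ps1
#       -TargetFilename "$(TargetFilename)" -Image "$(Image)" -User "$(User)"
# Each $(Name) token is filled from a <ValueQueries> entry in the trigger's XML:
#   <ValueQueries>
#     <Value name="TargetFilename">Event/EventData/Data[@Name='TargetFilename']</Value>
#     <Value name="Image">Event/EventData/Data[@Name='Image']</Value>
#     <Value name="User">Event/EventData/Data[@Name='User']</Value>
#   </ValueQueries>
# and the trigger's <Subscription> selects *[System[EventID=27]] on Microsoft-Windows-Sysmon/Operational.
param(
    [Parameter(Mandatory = $true)] [string] $TargetFilename,
    [string] $Image = 'unknown',
    [string] $User  = 'unknown',
    # Placeholder: replace with your own Slack incoming-webhook URL.
    [string] $WebhookUrl = 'https://hooks.slack.com/services/PLACEHOLDER'
)

# Windows does not allow the double-quote character in file names, so the quoted
# $(TargetFilename) above cannot split into extra arguments, and powershell.exe -File
# receives the values as plain strings (no cmd.exe is involved, so "&&" in a name
# stays literal). What is left to get right is the JSON body: build it from an object
# and let ConvertTo-Json do the escaping instead of concatenating the filename into a
# hand-written string.
$message = @"
*Sysmon blocked an executable write*
*Host:* $env:COMPUTERNAME
*User:* $User
*Process:* $Image
*File:* $TargetFilename
"@

$payload = @{ text = $message } | ConvertTo-Json -Compress

try {
    Invoke-RestMethod -Uri $WebhookUrl -Method Post -ContentType 'application/json' -Body $payload | Out-Null
} catch {
    # Leave a local trace so a failed webhook call is not silent (path is an assumption).
    $line = '{0:u} Slack notification failed for {1}: {2}' -f (Get-Date), $TargetFilename, $_.Exception.Message
    Add-Content -Path (Join-Path $env:ProgramData 'SysmonSlackAlert.log') -Value $line
}
```

Export the task once it fires correctly, add the `<ValueQueries>` block by hand as shown in the video, and keep the webhook URL out of the SYSVOL copy of the task XML (for example by reading it from a file the task's run-as account can access).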

Comments • 16

  • @domiflichi
    @domiflichi 1 year ago

    Thanks for the video! I love how you don't edit out the problems you run into - it's very helpful to see how you work through them. Thanks again, and keep them coming!

  • @podavu7044
    @podavu7044 1 year ago +1

    I'm watching all your videos and your content is just amazing!
    Thank you for the efforts that you are putting in, you're really helping a lot of people out there.

  • @ShahabSheikhzadeh
    @ShahabSheikhzadeh 1 year ago

    This is the most beautiful thing I've ever seen. I love you

  • @ich3aa
    @ich3aa 1 year ago

    "Wait a second, it worked! It shouldn't happen!" That sums it all up for me

  • @kristeinsalmath1959
    @kristeinsalmath1959 1 year ago

    This is amazing.

  • @DJ-rr7cj
    @DJ-rr7cj 1 year ago

    This is SO COOL!

  • @inhhoanghai5263
    @inhhoanghai5263 1 year ago +1

    Good content!!!

  • @dolbysuper8563
    @dolbysuper8563 1 year ago

    Wow! Thanks

  • @SomeGuyInSandy
    @SomeGuyInSandy 1 year ago

    Awesome! Thanks!

  • @RomainRollot
    @RomainRollot 1 year ago

    Top! Thanks

  • @anonymoususer6801
    @anonymoususer6801 1 year ago

    You can send any message from any user with the token, not sure if that's a risk.

    • @ippsec
      @ippsec 1 year ago

      There's no way to really get around that, it's limited to sending messages and to the channel.

  • @ratchy1231
    @ratchy1231 1 year ago

    Is this approach vulnerable to command injection? If an attacker is capable of controlling the filename they could attempt to write to: "&& malicious_command && exit", which should also prevent the Slack notification from coming through.

    • @ippsec
      @ippsec 1 year ago

      You should try it out. I did try it briefly and it didn't work but I didn't spend a lot of time on it.

  • @MoisheHalberstam
    @MoisheHalberstam 1 year ago +1

    Can you please upload the script for the Slack webhook and an export from the task scheduler to GitHub?
    I'd love to not have to retype the whole thing ;-}

  • @marcpascualsole7677
    @marcpascualsole7677 1 year ago

    If YMS was a hacker, you'd have Ippsec