title | description | author | created | achievements | duration | range | applications | external
---|---|---|---|---|---|---|---|---
Triaging with EDR | Introduce post-compromise attack behaviors and EDR defenses | Chris Gerritz, Datto | 02/19/2023 | 40 | | | |
The purpose of these labs is to introduce post-compromise attack behaviors and EDR defenses.

In this section we log into the Datto EDR console and review, from the defender's point of view, the attack behaviors we just conducted.

> EDR is not perfect, so we have to temper our expectations. A Windows host is buzzing with millions of internal, hidden events every minute, and EDR as a technology has to be selective about which events it captures and at what level of detail. The process information we review today is one of the most effective sources of evidence, especially for attacks that abuse known-good operating system utilities rather than dropping recognizable malware.
- Understand the role of EDR in monitoring networks and attacker behaviors
- Understand the difference between malware and behaviors
- Demonstrate triage of alerts related to a potential attack
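The note above says that process information is the most useful telemetry when an attacker abuses built-in utilities, because the binary itself looks legitimate and only its lineage gives it away. The following is an added example, not code from Datto EDR or from this lab: it reconstructs a process tree from constructed process-creation events and flags common OS utilities that descend from a document handler, or whose parent never appeared in the telemetry. The event format, the `LOLBINS` and `DOCUMENT_HANDLERS` sets and the sample events are all assumptions chosen for illustration.

```python
"""Process-lineage triage over constructed EDR-style process events.

Added example; not Datto EDR code. Event layout and heuristics are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class ProcessEvent:
    pid: int
    ppid: int
    image: str      # executable name, lower-case
    cmdline: str


# Hypothetical heuristic sets: utilities that are normal on their own but
# rarely legitimate when launched underneath a document or mail client.
LOLBINS = {"powershell.exe", "cmd.exe", "rundll32.exe", "mshta.exe",
           "regsvr32.exe", "wscript.exe", "certutil.exe"}
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}


def build_index(events: List[ProcessEvent]) -> Dict[int, ProcessEvent]:
    """Map pid -> event so parents can be looked up in O(1)."""
    return {e.pid: e for e in events}


def lineage(index: Dict[int, ProcessEvent], pid: int, max_depth: int = 8) -> List[str]:
    """Return [process, parent, grandparent, ...] image names for triage context.

    Stops when the parent is missing from telemetry, on a pid cycle, or at max_depth.
    """
    chain: List[str] = []
    seen = set()
    cur = index.get(pid)
    while cur is not None and cur.pid not in seen and len(chain) < max_depth:
        seen.add(cur.pid)
        chain.append(cur.image)
        cur = index.get(cur.ppid)
    return chain


def triage(events: List[ProcessEvent]) -> List[Tuple[int, str, List[str]]]:
    """Return (pid, reason, lineage) findings for utilities worth an analyst's look."""
    index = build_index(events)
    findings = []
    for e in events:
        if e.image not in LOLBINS:
            continue
        chain = lineage(index, e.pid)
        ancestors = chain[1:]
        doc = next((a for a in ancestors if a in DOCUMENT_HANDLERS), None)
        if doc is not None:
            findings.append((e.pid, f"{e.image} descends from {doc}", chain))
        elif e.ppid not in index:
            # A parent the sensor never recorded is itself a gap worth noting.
            findings.append((e.pid, f"{e.image} parent pid {e.ppid} not in telemetry", chain))
    return findings


# Constructed sample telemetry (not real data, not from the lab range).
SAMPLE_EVENTS = [
    ProcessEvent(4, 0, "system", ""),
    ProcessEvent(700, 4, "explorer.exe", "explorer.exe"),
    ProcessEvent(1200, 700, "winword.exe", "winword.exe /n report.docx"),
    ProcessEvent(1300, 1200, "cmd.exe", "cmd.exe /c ..."),
    ProcessEvent(1400, 1300, "powershell.exe", "powershell.exe -File task.ps1"),
    ProcessEvent(1500, 700, "powershell.exe", "powershell.exe"),    # admin launched from shell
    ProcessEvent(1600, 9999, "rundll32.exe", "rundll32.exe ..."),   # parent never observed
]

if __name__ == "__main__":
    for pid, reason, chain in triage(SAMPLE_EVENTS):
        print(pid, reason, " <- ".join(chain))
```

Note that the PowerShell instance launched from Explorer (pid 1500) is not flagged even though its image is in the watch list; the same binary two levels under `winword.exe` is. That is the point of the note above: the value is in the lineage the sensor captured, not in the utility's name.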
Requirement | Value
---|---
Range | None
Applications | Browser
Needed Files | None
- In another browser window (outside the lab environment), log into the Datto EDR console:
  - https://rightofboom.infocyte.com
- We will go through the data we collected together