Lists of sources and utilities to hunt, detect and prevent evildoers.
AD Security
https://jimshaver.net/2016/02/14/defending-against-mimikatz/
Microsoft EMET
https://support.microsoft.com/en-us/kb/2458544
Microsoft ATA
Microsoft File Screening
http://olivermarshall.net/using-file-screening-to-help-block-cryptolocker/
http://blog.netwrix.com/2016/04/11/ransomware-protection-using-fsrm-and-powershell/
Threat Hunting
https://github.com/ThreatHuntingProject/ThreatHunting
PowerShell
Log hunting with PowerShell
http://909research.com/windows-log-hunting-with-powershell/
https://isc.sans.edu/diary/21829
- PowerShell blocked via Windows Firewall (same for cscript/wscript)
POSH to read event logs
https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html
Windows event forwarding
https://blogs.technet.microsoft.com/russellt/2017/05/09/project-sauron-introduction/
http://909research.com/sysmon-the-best-free-windows-monitoring-tool-you-arent-using/
EDR
CarbonBlack
limacharlie
OSQuery
Logging
Logging debrief
https://www.malwarearchaeology.com/logging/
SCCM
https://www.fireeye.com/blog/threat-research/2016/12/do_you_see_what_icc.html
https://github.com/PowerShellMafia/PowerSCCM
Recommended reading:
https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
http://seclist.us/powermemory-v1-4-exploit-the-credentials-present-in-files-and-memory.html