No products in the cart.
LOGIN

Home
Blog
LogonSessions for Incident Response [FREE COURSE CONTENT]

LogonSessions for Incident Response [FREE COURSE CONTENT]

(33 views)

In this tutorial from our Security Incident Response course you will see how to use the LogonSessions tool from Windows Sysinternals in incident response. Want to add something to your toolbox? Let's dive in!

Participants will be able to clearly define a security incident and know the proper way to handle it. The participants will also be able to define the steps needed to lead the incident to a desired outcome throughout the process of investigation.

You will find out how to:

Detect, identify, and mitigate threats
Assess potential security risks
Account for human error
Create an Incident Response Plan
Identify High Value Targets
Set up Incident Response tooling
Create IoCs and implement them
Recover systems, data and connectivity
Return to production state
Document the incident

Example tools used in the course:

Windows built-in tools;
Windows Sysinternals suite (pslist; psexec – relation output; autoruns – how to use and how it is useful in incident response; listdlls; procexp/procexp64; tcpview; LogonSessions);
Volatility;
dd/windd;
Logparser;
grep and Windows Event Log Explorer

In module 1, we will study:

Assessing potential security risks
Accounting for human error
Creating Incident Response Plan
Identifying High Value Targets
Identifying Stakeholders
Setting up incident Response tooling
System instrumentation
Employees security trainings

Module 1 exercises:

Familiarizing with Windows Sysinternals suite (pslist; psexec – relation output; autoruns – how to use and how it is useful in incident response; listdlls; procexp/procexp64; tcpview; logonsessions) and Windows Event Log analysis

Check out other modules here!

Related content:

8 Free Tools to Automate Your Incident Response Process by Gilad David Maayan

Incident Response: Should You Prioritise Quality or Quantity? by AlertOps

Incident Security Response - AccessEnum [FREE COURSE CONTENT!]

Security Incident Response (W43)

TuxResponse - Linux Incident Response

misp - A dashboard for a real-time overview of threat intelligence from MISP instances

April 26, 2022

Author

Marta Strzelec [STAFF]

Latest Articles

Subscribe

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments

Inline Feedbacks

View all comments

https://hakin9.org/wp-content/uploads/2020/01/hakin91-copy-1-1.png

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.