Showing posts from 2018

C3X2018 Genesis Review

What a year this has been. C3X2018 "Genesis" just wrapped up on October 24th and I couldn't be happier (and happy that it's over because I forgot what real sleep feels like).
For those of you who have no idea what I'm talking about, the Canadian Collegiate Cyber Exercise or C3X is an event that Ben Wells (@1StealthMove) and myself started working on in 2016, and brought into reality in 2017 with a beta run of the event. You can watch the trailer from last year here:


So why did we create C3X at all? Sadly, Canada doesn't have too many red vs. blue, cyber war game type events (at least to my knowledge) and as far as RedBlack is concerned, that's a shame. We have a lot of CTFs and the like, but there's no shortage of those already. We've also come to learn that many students do not get the required and needed exposure of learning about defending Windows environments, Active Directory and being able to put what they've learned in school to th…

Leveraging WEF and the HELK

In an effort to have some more content on this blog (wow life gets busy sometimes!) I thought I'd write up this post on how to configure Windows Event Forwarding and the awesome project, HELK.

On a bit of a side-note, this post coincides with an event we run up here in Toronto, Canada called the Canadian Collegiate Cyber Exercise (C3X). This year we are running the first real iteration (although we executed a pilot version last year which you can see here: https://www.youtube.com/watch?v=oycYKQzzHoU) and part of the design will be providing the students with HELK.
OK, back on track. I'll admit that when I first learned about Windows Event Forwarding it seemed a little daunting. A few of the posts I first read seemed confusing and had a lot of moving parts. To the newcomer, Windows Event Logs can also be fairly intimidating, which is why projects such as HELK are so fantastic to be openly and freely distributed.
So why leverage WEF? Well, at a very basic level (and this whole post wi…

Introducing ISOPodCast

So I decided to start a podcast. I'm a big fan of podcasts and it's been very cool to see more Information Security related ones surface. I wanted to get in on the action and try to do something (hopefully) a little different than most in that the purpose was to have on people I find fascinating, set a topic that doesn't necessarily have to be technical and just see where it goes.
I present ISOPodCast and let me explain the name.
The ISO stands for Information Second Opinion because I want to discuss and debate with the guests various issues such as community (Episode #1), education, mental health and the like. There's also a bit of wordplay with ISO, InfoSec(ond) and also Isopods are cool looking.
This post is going to introduce Episode #1 - "Community" where my guest Allan Stojanovic (@allansto) and I talk about our local scene here in Toronto, Canada as a whole and identity.
Now here's what I'd like to ask of you, dear listeners:
This is the first episode and I&…