Skip to main content

Posts

Showing posts from September, 2018

Leveraging WEF and the HELK

In an effort to have some more content on this blog (wow life gets busy sometimes!) I thought I'd write up this post on how to configure Windows Event Forwarding and the awesome project, HELK.

On a bit of a side-note, this post coincides with an event we run up here in Toronto, Canada called the Canadian Collegiate Cyber Exercise (C3X). This year we are running the first real iteration (although we executed a pilot version last year which you can see here: https://www.youtube.com/watch?v=oycYKQzzHoU) and part of the design will be providing the students with HELK.
OK back on track. I'll admit that when I first learned about Windows Event Forwarding it seemed a little daunting. A few of the posts I first read seemed confusing and a lot of moving parts. To the newcomer, Windows Event Logs can also be fairly intimidating which is why projects such as HELK are so fantastic to be openly and freely distributed.
So why leverage WEF? Well, at a very basic level (and this whole post wi…