Log File Frequency Analysis with Python

Black Hills Information Security
Join us in the Black Hills InfoSec Discord server here: discord.gg/BHIS to keep the security conversation going!

Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services -- www.blackhillsinfosec.com/

00:00 - Introduction
02:09 - Welcome
02:38 - SANS Teaching Events
03:17 - Agenda
04:15 - Challenge
05:59 - Regular Expressions
06:25 - What is a Regular Expression
08:35 - Rules of Regular Expressions
10:48 - Custom Sets
17:17 - Capturing Groups
21:28 - Named Groups
23:22 - regex Golf
24:33 - Python Dictionaries
32:14 - Python Collections
36:21 - Coding Time
37:21 - Testing Regular Expressions
42:33 - Analyzing Regular Expressions
45:32 - Prototype Python Script
46:44 - Running Python Script
48:01 - Python Code
57:23 - Discussion

Description: Information Security professionals often have reason to analyze logs. Whether Red Team or Blue Team, there are countless times that you find yourself using "grep", "tail", "cut", "sort", "uniq", and even "awk"! While these powerful UNIX methods take us far, there is always that time when you want more power! In this webcast, Joff Thyer will discuss using Python regular expressions and dictionaries to extract useful data for frequency analysis.

If you want to learn even more about Python, join Joff for SANS SEC573 - "Automating Information Security with Python": www.sans.org/sec573

Slides available here: www.blackhillsinfosec.com/webcast-log-file-frequen…

Black Hills Infosec Socials
Twitter: twitter.com/BHinfoSecurity
Mastodon: infosec.exchange/@blackhillsinfosec
LinkedIn: www.linkedin.com/company/antisyphon-training
Discord: discord.gg/ffzdt3WUDe

Black Hills Infosec Shirts & Hoodies
spearphish-general-store.myshopify.com/collections…

Black Hills Infosec Services
Active SOC: www.blackhillsinfosec.com/services/active-soc/
Penetration Testing: www.blackhillsinfosec.com/services/
Incident Response: www.blackhillsinfosec.com/services/incident-respon…

Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: www.backdoorsandbreaches.com/
Play B&B Online: play.backdoorsandbreaches.com/

Antisyphon Training
Pay What You Can: www.antisyphontraining.com/pay-what-you-can/
Live Training: www.antisyphontraining.com/course-catalog/
On Demand Training: www.antisyphontraining.com/on-demand-course-catalo…

Educational Infosec Content
Black Hills Infosec Blogs: www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest YouTube: youtube.com/wildwesthackinfest
Active Countermeasures YouTube: youtube.com/activecountermeasures
Antisyphon Training YouTube: youtube.com/antisyphontraining

Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: wildwesthackinfest.com/

#bhis #infosec
Published 7 years ago, on 1396/02/21 (Solar Hijri calendar).
Viewed 23,881 times