
Michel de CREVOISIER
Senior Security Analyst at Kapsch BusinessCom
Michel has been a Senior Security Analyst in the Cyber Defense Center of Kapsch BusinessCom since 2022. Before that, he worked for 5 years as a Security Analyst, developing threat detection solutions and investigating modern attacks. Over his professional career, he has held several positions as a system and network administrator as well as a security architect in France, Spain and Austria.
In addition to his practice, Michel contributes to the SOC Prime platform as a Threat Bounty Developer and regularly speaks at security and data protection conferences in Vienna.
Michel graduated with an MSc in computer science. During his studies, he was named a “Student Partner” (MSP) by Microsoft and was in charge of organizing talks and conferences to present the Microsoft ecosystem and its related services and products. At that time, he published several articles on his blog about security hardening and well-known threats like Mimikatz.
10:30 - 11:00
21 May 2022 - 09:00 BSides Tirana 2022 - Schedule
Collecting valuable Windows logs in agentless mode
Collecting valuable Windows logs and centralizing them in an on-premises or cloud SIEM has always been a challenging project, no matter the size of your organization. During this session we will show how the built-in Windows Event Forwarding feature (WEF/WEC) can be deployed in a very short time frame to collect valuable logs with very low effort and high TTP coverage. The concept comes with an advanced auditing baseline and an automation script that simplify the configuration steps as efficiently as possible.