Special Guest: Mark Hallman from the SANS Institute  

In this episode, we will be joined by Mark Hallman from the SANS Institute, who will walk us through the use of KAPE for gaining remote access and data collection.

KAPE is an amazing collection tool that allows us to gather data that we define. Config files are called “targets” and the targets tell us what data we are going to collect. KAPE also features a backend piece that does the processing. This enables analysts to have a package of information ready to go without the need to parse things out or run their own tools against the data.

Now, more than ever, remote collections are an extremely important part of reality. KAPE manages to do collections very easily as it already has network connectivity to the necessary machines. Mark will demonstrate the basics of how to use the UNC path to do collections, initiated either from a collection machine or from the target itself.

Listen to the full episode to see the entire demo where he explains the basics of KAPE and simulates remote KAPE collection.  
