SANS @Night
LTD-Layered Team-Based Defense
- Steven Dietz, Quintiles Transnational
- Saturday, July 8, 7 - 9 pm
Timely incident response is crucial to the ongoing provisioning of intrusion management, virus/malware control, and patch management. Through the coordinated placement of appropriate technology and the use of cooperative response and control teams, Quintiles has created a functional model. This model is based upon creating at least two layers of protection and an associated cross-departmental team for many systems. The teams are designed to have initial response, oversight, and escalation management capability. Since the creation of the layered team-based defense model, there has been a 90% reduction in viral/malware events. Patches, with associated compatibility qualification, are deployed globally within days instead of weeks.
Penetrating the Underworld of Botnets
- Scott Fendley, Internet Storm Center and University of Arkansas
- Saturday, July 8, 7 - 9 pm
Have you ever wondered about what goes on in the underworld of botnets? Do you know what tools are available for you to collect valuable information? Do you want to penetrate the underworld in a safe environment? In today's world, bots are a reality that people have to learn to deal with. They are everywhere with some used for good and others used for nefarious purposes. This presentation discusses how to capture botnet malware, and what you can and should do as you explore the underground world of malicious code, bot herders, and fraud.
2nd Generation Honeyclients
- Robert Danford, Internet Storm Center
- Saturday, July 8, 7 - 9 pm
A honeymonkey or honeyclient is software that drives a web browser to surf the internet. The goal is to emulate as closely as possible an end user surfing the web. This allows for the creation of a more accurate testbed that may be exploited while surfing, in the same way a real user's browser would be.
Several projects have been created to do this, including honeyclient.org and the Microsoft HoneyMonkey (Strider) project.
I found the honeyclient code lacking and wrote a replacement from scratch. This presentation will cover the architecture and design of the software and supporting hardware as well as results from the project.
Malware Analysis: The Basics
- Lorna Hutcheson, SANS Internet Storm Center and CACI
- Sunday, July 9, 7 - 9 pm
Have you ever found a suspicious file on your system and wondered what it was doing, but didn't know how to find out? Then this presentation is for you! We will be covering the basics of how to conduct malware analysis. Some of the areas that will be discussed are: setting up a test environment, safety while doing analysis, the tools used and how to use them, and behavioral analysis. You will see different pieces of malware in action and learn how to use these basic skills to start to understand them. Prepare to enter the fascinating world of malware analysis.
Sharing the Unverifiable: Prediction Exchange
- Jason Gordon, infectionvectors.com
- Sunday, July 9, 7 - 9 pm
Making predictions is a common undertaking for virtually all technology analysts, and security professionals are no different. Each year there are the routine "new year" prognostications as well as ad hoc calls to arms from every corner of the security world: from large, well-respected watchdogs to the smallest blogger. The responsibilities of such fortune tellers, however, are rarely discussed, unlike their more famous cousin, the "full disclosure" responsibility debate. This paper will outline the requirements for making analytical predictions public, the impact of such predictions, and how the discourse can be shaped to help consumers of such information make decisions.
On the Cutting Edge: Thwarting Virtual Machine Detection
- Tom Liston and Ed Skoudis, Intelguardians
- Sunday, July 9, 7 - 9 pm
As virtualization technologies are increasingly used by security researchers, there has been a parallel increase in malicious attackers using various techniques to detect the use of virtual machines and alter their behavior accordingly. Tom Liston and Ed Skoudis of Intelguardians will present an overview of both how VM detection works and some cutting-edge techniques to mitigate detection.
Beyond the Perimeter: Architecture to the Rescue
- Swa Frantzen, Section 66
- Monday, July 10, 7 - 9 pm
Traditional security architectures for office environments build a perimeter that defends the whole company to the best of its abilities. Yet the modern workplace has, and will continue to have, increasing outsourcing, mobility of users, and shared resources across the perimeter. Often the perimeter-heavy model interferes with the business goals. This talk focuses on one such less traditional approach that departs from risk management to create a more flexible, and potentially inherently more secure, solution for the more adventurous security architect.
Utilizing Web Services to Perform Distributed and Collaborative Forensic Analysis
- Aaron Philipp, Affect Computer Forensics
- Monday, July 10, 7 - 9 pm
There have been several attempts in the past to build forensics tools that use the web as a primary interface. These attempts have met with some success; however, the rigid and difficult GUI forced by traditional HTML has prevented these systems from being used in serious litigation and investigations. In contrast, traditional windowed applications are employed for their responsive interfaces and ease of use. The downside to these applications is that they tend to be somewhat monolithic in nature and make true collaboration a difficult prospect. With the advances made in web services technologies in the past 3 years, it is time to re-evaluate the platform as a viable solution to the problem of distributed analysis and investigation. It is the purpose of the paper to describe and demonstrate the tool mentioned above, as well as to show what it means for the future of collaborative forensics. Case studies will also be provided to show real-world benefit and usefulness over current solutions.
Malware Analysis - Lessons Learned
- Pedro Bueno, Internet Storm Center
- Monday, July 10, 7 - 9 pm
This presentation will focus on a review of the Malware Analysis Quizzes, learning common malware tricks for both Windows and Linux OSs. While it may be commonplace, learning from others' points of view is essential to open the mind to different approaches to malware analysis. Bots, PWstealers, packers... from inoffensive pieces of software to the dangerous ones will be seen here.