SANS Security East 2021 features 20+ courses - Register now to get a MacBook Air or Microsoft Surface Pro 7 or Take $350 Off

Amsterdam October 2019

Amsterdam, Netherlands | Mon, Oct 28, 2019 - Sat, Nov 2, 2019
This event is over,
but there are more training opportunities.

Level Up: Increasing Visibility of Lateral Movement in Windows Environments

  • Chris Pizor
  • Tuesday, October 29th, 8:00pm - 9:00pm

Defending large enterprise environments is no easy prospect as gaining visibility at the lower levels of the network is difficult and often costly. The security of our enterprise resources often focuses on prevention, which is ideal, but we have to be ready for the eventuality of an attacker getting in. Therefore detection is critical, and many host and network based security products can help with this, but they are not perfect. In this talk the focus is going to be on proactive defenses and configuration leveraging built-in and free tools and utilities. Concepts such as system baselining and setting up your systems to effectively capture artifacts of forensics value will be discussed. Additionally, Windows logging, Sysmon, and the employment of Honeytokens/Honeypots to improve visibility will be discussed and demonstrated. Take some time, think about the potential blind spots in your environment and how you can proactively establish detection capabilities for attackers to trip over.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Tuesday, October 29
Session Speaker Time Type
Level Up: What would you do? An interactive walkthrough of an APT attack. Brenno de Winter Tuesday, October 29th, 7:00pm - 8:00pm SANS@Night
Level Up: Increasing Visibility of Lateral Movement in Windows Environments Chris Pizor Tuesday, October 29th, 8:00pm - 9:00pm SANS@Night