492063616E207374696C6C2073656520796F7521
- Jonathan Ham
- Monday, April 23rd, 7:15pm - 9:15pm
Everything leaves footprints on the network, whether it's a frontal assault on an Internet-facing SMB, or a lateral move living off the land with harvested creds. The Red Team only has the advantage up until the window breaks (I heard that!). Once you are in my house, I have the advantage (I know that squeaky floorboard!). Here's what it looks like when you think you can steal my stuff.
Obfuscate your Powershell 10x. Drop PEs via DDE and Word macros. DLL inject mimikatz. Evade AV. Fine. But to MitM you have to mess with L2/L3, and to move laterally you have to do things on L3/L4 that shouldn't be.
And when you do, I can still see you.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Lunch & Learn: Short presentations given during the lunch break.
- Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Monday, April 23
| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Alissa Torres | Monday, April 23rd, 8:00am - 8:30am | Special Events |
| 492063616E207374696C6C2073656520796F7521 | Jonathan Ham | Monday, April 23rd, 7:15pm - 9:15pm | Keynote |
Wednesday, April 25
| Session | Speaker | Time | Type |
|---|---|---|---|
| Evolving Enterprise Defenses | Grant Moerschel, Senior Director for Solutions Engineering | Wednesday, April 25th, 12:30pm - 1:15pm | Lunch and Learn |
| Cyber Risks to Critical Infrastructure Systems | Mark Bristow | Wednesday, April 25th, 7:15pm - 8:15pm | SANS@Night |
| Cyber Defense Challenges from the Small and Medium Sized Business Perspective | Aric Asti- Master's Degree Candidate | Wednesday, April 25th, 8:15pm - 8:55pm | Master's Degree Presentation |
Thursday, April 26
| Session | Speaker | Time | Type |
|---|---|---|---|
| Learning From The Adversary: Automated Malware Analysis For The Win | Dean Parsons | Thursday, April 26th, 7:15pm - 8:15pm | SANS@Night |
| Building the Airplane in Mid-Flight: Bringing Cyber-Security Structure to Special Operations Units | Adam Baker- Master's Degree Candidate | Thursday, April 26th, 7:15pm - 7:55pm | Master's Degree Presentation |
| How Effective are Tools in Detecting the "Maleficent Seven" Privileges for the Windows Environment? | Tobias Mccurry- Master's Degree Candidate | Thursday, April 26th, 8:15pm - 8:55pm | Master's Degree Presentation |
Friday, April 27
| Session | Speaker | Time | Type |
|---|---|---|---|
| PCAP Next Generation: Is your Sniffer Up to Snuff? | Scott Fether- Master's Degree Candidate | Friday, April 27th, 7:15pm - 7:55pm | Master's Degree Presentation |
| Discovering and Acquiring Virtualized Servers on vSphere and ESXi | Scott Perry- Master's Degree Candidate | Friday, April 27th, 8:15pm - 8:55pm | Master's Degree Presentation |
