Sharpen your Skills at SANS San Francisco Winter 2017. Save $200 thru 10/25.

Brussels Autumn 2017

Brussels, Belgium | Mon, Oct 16 - Sat, Oct 21, 2017
This event is over,
but there are more training opportunities.

Advanced Incident Response Techniques

  • Steve Armstrong
  • Tuesday, October 17th, 6:00pm - 7:00pm

When working in large network breaches, the technique of removing the infected hosts immediately and one-by-one is not the best or only option. In this presentation, we will look at the other methods used: ‚mass remediation‚ and ‚out running the attacker‚. We will look at the conditions necessary to make them work (team, profile, target, network and attacker), how they scale, the sort of resources you need to make this effective and how the attacker may respond if you don‚t maintain control.

This is a ‚from the trenches‚ session and not an academic thesis, the presenter has implemented various techniques and faced different results, both good and bad. This session is your opportunity to learn from their experience.‚


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Monday, October 16
Session Speaker Time Type
Detecting WMI persistence using Sysmon Michel Coene Monday, October 16th, 7:00pm - 8:00pm SANS@Night
Tuesday, October 17
Session Speaker Time Type
Advanced Incident Response Techniques Steve Armstrong Tuesday, October 17th, 6:00pm - 7:00pm SANS@Night
InfoSec Rock Star: Geek Will Only Get You So Far Ted Demopoulos Tuesday, October 17th, 7:00pm - 8:00pm SANS@Night
Thursday, October 19
Session Speaker Time Type
NVISO Community Night Thursday, October 19th, 6:00pm - 9:00pm SANS@Night