Advanced Incident Response Techniques
- Steve Armstrong
- Tuesday, October 17th, 6:00pm - 7:00pm
When working in large network breaches, the technique of removing the infected hosts immediately and one-by-one is not the best or only option. In this presentation, we will look at the other methods used: "mass remediation" and "out running the attacker". We will look at the conditions necessary to make them work (team, profile, target, network and attacker), how they scale, the sort of resources you need to make this effective and how the attacker may respond if you don't maintain control.
This is a "from the trenches" session and not an academic thesis; the presenter has implemented various techniques and faced different results, both good and bad. This session is your opportunity to learn from their experience.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Monday, October 16
Session | Speaker | Time | Type |
---|---|---|---|
Detecting WMI persistence using Sysmon | Michel Coene | Monday, October 16th, 7:00pm - 8:00pm | SANS@Night |
Tuesday, October 17
Session | Speaker | Time | Type |
---|---|---|---|
Advanced Incident Response Techniques | Steve Armstrong | Tuesday, October 17th, 6:00pm - 7:00pm | SANS@Night |
InfoSec Rock Star: Geek Will Only Get You So Far | Ted Demopoulos | Tuesday, October 17th, 7:00pm - 8:00pm | SANS@Night |
Thursday, October 19
Session | Speaker | Time | Type |
---|---|---|---|
NVISO Community Night | — | Thursday, October 19th, 6:00pm - 9:00pm | SANS@Night |