
Brussels February 2019

Brussels, Belgium | Mon, Feb 25, 2019 - Sat, Mar 2, 2019
This event is over, but there are more training opportunities.

SANS and NVISO Community Night

  • Daan Raman & Oliver Nettinger
  • Thursday, February 28th, 6:00pm - 9:00pm

18:00 - 19:00 - Welcome & Intro

19:00 - 19:45 - Where's Wally? Hands-on Threat Hunting in Elasticsearch using ee-outliers

Speaker: Daan Raman

The collection of millions of endpoint and network events in modern IT environments opens up great opportunities for the security analyst to perform Threat Hunting activities in search of adversary activity. However, the Threat Hunter faces several challenges: how do we create a baseline of "normal" or "expected" activity out of millions (or billions!) of events? How do we introduce the human feedback loop in our Threat Hunting activities? How do we deal with false positives?

In this talk we introduce ee-outliers, an open-source framework we developed to detect statistical outliers in events stored in an Elasticsearch cluster, in support of the Threat Hunter. The framework contains a number of statistical models which can be used and extended using a basic configuration file format: no coding skills required!

In this technical talk we want to give a practical introduction of how ee-outliers can help the modern Threat Hunter spot adversary activity in huge volumes of security events. Attendees can expect lots of demos and realistic Threat Hunting examples! At the time of the conference, ee-outliers will have been open-sourced and made available to the audience members.

19:45 - 20:30 - Cybersecurity in Modern Road Vehicles

Speaker: Oliver Nettinger

This talk will provide the audience with an overview of what car security actually means, its challenges compared to classical IT security, and a quick walk-through of vehicle security related history. It will touch on current research topics, as well as manufacturer and regulatory efforts to tackle the challenges of vehicle related security. Finally, it will provide an outlook on security with autonomous driving cars.

20:30 - 21:00 - Networking and Drinks

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
Tuesday, February 26

| Session | Speaker | Time | Type |
|---|---|---|---|
| Making Sense of Your ICS Environment with the Help of Packet Analysis and Automation | Kai Thomsen | Tuesday, February 26th, 6:00pm - 7:00pm | SANS@Night |
| The Offensive Defender \| Cyberspace Trapping | Matthew Toussain | Tuesday, February 26th, 7:00pm - 8:00pm | SANS@Night |

Wednesday, February 27

| Session | Speaker | Time | Type |
|---|---|---|---|
| Rise of the Blue Team CTF | Russ Taylor | Wednesday, February 27th, 5:45pm - 6:30pm | SANS@Night |

Thursday, February 28

| Session | Speaker | Time | Type |
|---|---|---|---|
| SANS and NVISO Community Night | Daan Raman & Oliver Nettinger | Thursday, February 28th, 6:00pm - 9:00pm | Special Events |