Cyber Defense Initiative 2013

Washington, DC | Thu, Dec 12 - Thu, Dec 19, 2013

Active Deception to Augment Intrusion Detection

  • Josh Johnson - Master's Degree Candidate
  • Friday, December 13th, 8:15pm - 8:55pm

Master's Degree Presentation

Adversaries are too frequently enjoying the comfort of our "private" networks, often hanging around for months or years at a time. Defensive strategies must mature in order to contain and eradicate intruders before they find and exfiltrate the data they're seeking. Active deception provides a way to interfere with an attacker's ability to successfully perform reconnaissance while providing defenders with intelligence on an adversary's capabilities. Integrated with SIEM and IDS strategies, these utilities can provide significant visibility into malicious activities occurring on internal networks.

Speaker Bio: Josh Johnson is a Senior Security Analyst working for a retail company in upstate New York. With a Computer Science background, his responsibilities at work include performing regular application security assessments, WAF and IDS configuration and monitoring, and incident response. Josh is a candidate for the SANS Technology Institute's Master of Science in Information Security Engineering degree.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.

Thursday, December 12

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| General Session - Welcome to SANS | Dr. Eric Cole | Thursday, December 12th, 8:15am - 8:45am | Special Events |
| Building a Security Program that Protects an Organization's Most Critical Assets - A Different Approach | Robert Eggebrecht, President and CEO, BEW Global | Thursday, December 12th, 12:30pm - 1:15pm | Lunch and Learn |
| SANS Technology Institute Open House | Alan Paller, President of the SANS Technology Institute | Thursday, December 12th, 6:00pm - 7:15pm | Special Events |
| APT: It is Time to Act | Dr. Eric Cole | Thursday, December 12th, 7:15pm - 9:15pm | Keynote |

Friday, December 13

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| Vendor Solutions Expo | | Friday, December 13th, 12:00pm - 1:30pm | Vendor Event |
| Vendor Solutions Expo | | Friday, December 13th, 5:00pm - 7:00pm | Vendor Event |
| Windows Exploratory Surgery with Process Hacker | Jason Fossen | Friday, December 13th, 7:15pm - 8:45pm | SANS@Night |
| Have no fear - DFIR is here! | Rob Lee, Chad Tilbury, Alissa Torres, and Lenny Zeltser | Friday, December 13th, 7:15pm - 8:45pm | SANS@Night |
| A Predictive Security Model Using Bayesian Networks | Dan Lyon - Master's Degree Candidate | Friday, December 13th, 7:15pm - 7:55pm | Special Events |
| Discovering Security Events of Interest Using Splunk | Carrie Roberts - Master's Degree Candidate | Friday, December 13th, 8:15pm - 8:55pm | Special Events |
| Active Deception to Augment Intrusion Detection | Josh Johnson - Master's Degree Candidate | Friday, December 13th, 8:15pm - 8:55pm | Special Events |

Saturday, December 14

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| Fortinet Next Generation Firewalls | Justin Kallhoff, CEO Infogressive | Saturday, December 14th, 12:30pm - 1:15pm | Lunch and Learn |
| The Power of Lossless Packet Capture (1G-100G) & Real-time Netflow | Andrew Weisman - Senior Sales Engineer, Emulex | Saturday, December 14th, 12:30pm - 1:15pm | Lunch and Learn |
| Continuous Ownage: Why you Need Continuous Monitoring | Eric Conrad and Seth Misenar | Saturday, December 14th, 7:15pm - 8:15pm | SANS@Night |
| Booting a Write-blocked Drive to a VM Using Linux (Ubuntu) | Carlos Cajigas | Saturday, December 14th, 7:15pm - 8:15pm | SANS@Night |
| An Introduction to PowerShell for Security Assessments | James Tarala | Saturday, December 14th, 8:15pm - 9:15pm | SANS@Night |
| Closing the Door on Web Shells | Anuj Soni | Saturday, December 14th, 8:15pm - 9:15pm | SANS@Night |

Sunday, December 15

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| NetWars Tournament of Champions | Yori Kvitchko | Sunday, December 15th, 6:30pm - 9:30pm | Special Events |
| GIAC Program Overview | Jeff Frisk | Sunday, December 15th, 7:15pm - 8:15pm | Special Events |
| Who's Watching the Watchers? | Mike Poor | Sunday, December 15th, 7:15pm - 8:15pm | SANS@Night |
| Security Onion: Installed and Now What? | Chris Mohan | Sunday, December 15th, 7:15pm - 8:15pm | SANS@Night |
| Sharing Without Borders: Attacking and Testing SharePoint | Kevin Johnson | Sunday, December 15th, 8:15pm - 9:15pm | SANS@Night |
| Hacking Back, Active Defense, and Internet Tough Guys | John Strand | Sunday, December 15th, 8:15pm - 9:15pm | SANS@Night |
| Privacy and Peace of Mind While Accessing the Internet Via a Free/Public Access Point Through the Use of Your Very Own SOHO VPN Server. Easy as Pie... Raspberry Pi. | Eric Jodoin - STI Master's Degree Candidate | Sunday, December 15th, 8:15pm - 8:55pm | Special Events |

Monday, December 16

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| SANS Presents: People Who Made a Difference In Security in 2013 | Alan Paller | Monday, December 16th, 12:30pm - 1:15pm | Lunch and Learn |
| Targeted, Wire-speed Yara Analysis for Real-time Malware Prevention | Mike Nichols, Technical Product Manager | Monday, December 16th, 12:30pm - 1:15pm | Lunch and Learn |
| NetWars Tournament of Champions | Yori Kvitchko | Monday, December 16th, 6:30pm - 9:30pm | Special Events |
| Effective Phishing that Employees Like | Lance Spitzner | Monday, December 16th, 7:15pm - 8:15pm | SANS@Night |
| New School Forensics: Latest Tools and Techniques in Memory Analysis | Chad Tilbury | Monday, December 16th, 7:15pm - 8:15pm | SANS@Night |
| Securing The Kids | Lance Spitzner | Monday, December 16th, 8:15pm - 9:15pm | SANS@Night |