
Cyber Defense Initiative 2014

Washington, DC | Wed, Dec 10 - Fri, Dec 19, 2014
This event is over, but there are more training opportunities.

Home-Field Advantage: Hunting the Advanced Persistent Threat by Interdicting their Tactics with Network Traps & Snares

  • Matthew Toussain - Master's Degree Candidate
  • Sunday, December 14th, 8:15pm - 8:55pm

Within the information security community it is almost universally agreed that the adversary has the edge when they attack our networks. This premise stems from the idea that the attacker only needs to succeed once in order to get access to an organization's sensitive information while the defender must succeed every time. This principle is a fallacy. An attacker must succeed in some way at each stage of the hacker's methodology in order to penetrate their targets. As defenders we only need to stop them at one point. Furthermore, defensive cyber operators know their environment better than any antagonist can ever hope to. There are ways for the defender to take the initiative and hunt down the adversary as attacks occur. Organizations should leverage their home-field advantage by seeding their network with traps, snares, and pitfalls that will generate alerts early in the intrusion kill chain.

Speaker Bio: Matthew Toussain (0sm0s1z) is a cyber-operator with experience developing tactics, techniques, and procedures for the United States Air Force. When not actively defending the nation's networks from rampaging cyber pandas, he can be found tinkering with hacking tools or speaking at any conference where he can find an audience. Between coding Subterfuge and developing/commanding the U.S. Air Force Academy's Basic Cyber Competency Course, which now trains over 400 students per year, it would be a wonder if he had time for anything less nerdy in his life. Since he doesn't, he spends the remainder of his time participating in national and international cyber competitions such as iCTF, CSAW, CCDC, and SANS NetWars. Matthew was a guest speaker at the 20th Anniversary of DEFCON, the largest security conference in the world, and a member of the only undergraduate team ever to become the overall winners in the NSA's Cyber Defense Exercise defeating all contenders including the Air Force Institute of Technology. He lives in San Antonio, TX with a multitude of Cisco switches. His secondary passions include the piano, guitar, violin, and running. He has yet to figure out a way to mesh them together, but when he does it's gonna be big.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.
  • Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.

Friday, December 12
Session | Speaker | Time | Type
General Session - Welcome to SANS | Dr. Eric Cole | Friday, December 12th, 8:15am - 8:45am | Special Events
Stay Ahead of the Adversary with Network Security Analytics | Mike Nichols, Senior Manager, Sales | Friday, December 12th, 12:30pm - 1:15pm | Lunch and Learn
Women In Technology Reception | | Friday, December 12th, 6:15pm - 7:15pm | Reception
Continuous Ownage: Why you Need Continuous Monitoring | Eric Conrad | Friday, December 12th, 7:15pm - 9:15pm | Keynote

Saturday, December 13
Session | Speaker | Time | Type
How Isolation vs. Detection Can (finally) Help Solve the APT Problem, and Why Should I/My Organization Care? | Sebastian Taphanel, Consulting Systems Architect | Saturday, December 13th, 12:30pm - 1:15pm | Lunch and Learn
SANS Technology Institute Graduation | Alan Paller, Sally Vandeven | Saturday, December 13th, 7:00pm - 8:00pm | Special Events
An Introduction to PowerShell for Security Assessments | James Tarala | Saturday, December 13th, 7:15pm - 8:15pm | SANS@Night
Security Awareness Metrics: Measuring Human Behavior | Lance Spitzner | Saturday, December 13th, 7:15pm - 8:15pm | SANS@Night
Attacking and Defending Building Automation Systems at Scale: A Case Study | Billy Rios | Saturday, December 13th, 7:15pm - 8:15pm | SANS@Night
Securing The Kids | Lance Spitzner | Saturday, December 13th, 8:15pm - 9:15pm | SANS@Night
Everything They Told Me About Security Was Wrong | John Strand | Saturday, December 13th, 8:15pm - 9:15pm | SANS@Night

Sunday, December 14
Session | Speaker | Time | Type
Connect the Dots with Domain Name Intelligence from DomainTools | Mark Kendrick, Director of Business Development | Sunday, December 14th, 12:30pm - 1:15pm | Lunch and Learn
Defending Your Global Perimeter | Jonathan Trull, Chief Information Security Officer, Qualys, Inc | Sunday, December 14th, 12:30pm - 1:15pm | Lunch and Learn
Cyber Crime As a Business: How Criminal Networks Use "Cloud Services" and "Involuntary Contribution Associates" to Make Money | Tom Byrnes, CEO of ThreatSTOP | Sunday, December 14th, 12:30pm - 1:15pm | Lunch and Learn
Continuous Monitoring and Mitigation | Timothy Jones, Federal Systems Engineer | Sunday, December 14th, 12:30pm - 1:15pm | Lunch and Learn
SANS Technology Institute Reception and Information Session | Bill Lockhart, Executive Director, SANS Technology Institute | Sunday, December 14th, 5:45pm - 7:15pm | Reception
Gone in 60 Minutes: Have You Patched Your System Today? | David Hoelzer | Sunday, December 14th, 7:15pm - 8:15pm | SANS@Night
Windows Exploratory Surgery with Process Hacker | Jason Fossen | Sunday, December 14th, 7:15pm - 8:45pm | SANS@Night
The Threat Landscape of PKI: System and Cryptographic Security of X.509, Algorithms, and their Implementations. | Blaine Hein - Master's Degree Candidate | Sunday, December 14th, 7:15pm - 7:55pm | Master's Degree Presentation
Introduction to IDA Pro and Debugging | Stephen Sims | Sunday, December 14th, 8:15pm - 9:15pm | SANS@Night
The 13 Absolute Truths of Security | Keith Palmgren | Sunday, December 14th, 8:15pm - 9:15pm | SANS@Night
Home-Field Advantage: Hunting the Advanced Persistent Threat by Interdicting their Tactics with Network Traps & Snares | Matthew Toussain - Master's Degree Candidate | Sunday, December 14th, 8:15pm - 8:55pm | Master's Degree Presentation

Monday, December 15
Session | Speaker | Time | Type
Vendor Solutions Expo | | Monday, December 15th, 12:00pm - 1:30pm | Vendor Event
Vendor Solutions Expo | | Monday, December 15th, 5:30pm - 7:30pm | Vendor Event
NetWars Tournament of Champions | Ed Skoudis & Tim Medin | Monday, December 15th, 6:30pm - 9:30pm | Special Events
A Night of Crypto | G. Mark Hardy | Monday, December 15th, 7:15pm - 9:15pm | SANS@Night
Debunking the Complex Password Myth | Keith Palmgren | Monday, December 15th, 7:15pm - 8:15pm | SANS@Night

Tuesday, December 16
Session | Speaker | Time | Type
Fortinet Next Generation Firewalls | Will Tipton, Security Engineer | Tuesday, December 16th, 12:30pm - 1:15pm | Lunch and Learn
Are Privileged Accounts a Vulnerability Risk? Absolutely. | Rod Simmons, Director of Privilege Management, BeyondTrust | Tuesday, December 16th, 12:30pm - 1:15pm | Lunch and Learn
NetWars Tournament of Champions | Ed Skoudis & Tim Medin | Tuesday, December 16th, 6:30pm - 9:30pm | Special Events
IT Security meets Research: Lessons from NASA's Science Labs | Joel Offenberg, Vantage Systems, Inc. | Tuesday, December 16th, 7:15pm - 8:15pm | SANS@Night