Malware Analysis for Incident Responders: Getting Started
- Lenny Zeltser
- Wednesday, December 16th, 7:15pm - 9:15pm
Knowing how to analyze malware has become a critical skill for incident responders and forensic investigators. A good way to get started with such efforts involves examining how malicious software behaves in a controlled laboratory environment. In this two-hour seminar briefing, Lenny Zeltser demonstrates key aspects of this process, walking you through behavioral analysis of a malware specimen by using several free tools and even peeking into the world of code analysis.
You will see practical techniques in action and understand how malware analysis will help you to triage the incident to assess key capabilities of the malicious software. You will also learn how to determine ways of identifying this malware on systems in your environment by establishing indicators of compromise (IOCs). This seminar will help you start learning how to turn malware inside out.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
- Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Sunday, December 13
Monday, December 14
| Session | Speaker | Date and Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Bryce Galbraith - Renaissance Washington, DC Downtown Hotel | Monday, December 14th, 8:15am - 8:45am | Special Events |
| General Session - Welcome to SANS | Jason Fossen - Grand Hyatt Washington | Monday, December 14th, 8:15am - 8:45am | Special Events |
| Busting The Rebel Scum - QRadar and Box | Peter Szczepankiewicz, SANS Certified Instructor and IBM Product Manager and Sonny Hashmi, Managing Director, Box | Monday, December 14th, 12:30pm - 1:15pm | Lunch and Learn |
| Mike Assante talks on ICS Security Case Studies | Mike Assante | Monday, December 14th, 6:30pm - 8:00pm | Special Events |
| What's New for Security in Windows 10 and Server 2016? | Jason Fossen | Monday, December 14th, 7:15pm - 9:15pm | Keynote |
Tuesday, December 15
| Session | Speaker | Date and Time | Type |
|---|---|---|---|
| Defining Your First Line of Defense | Tom Byrnes, Founder and CEO | Tuesday, December 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Launch, Detect, Evolve: The Mutation of Malware | Andres Ortiz, Malware Intelligence Analyst | Tuesday, December 15th, 12:30pm - 1:15pm | Lunch and Learn |
| An Architecture for Continuous Monitoring and Mitigation | Matt Hartley, Director - Federal Civilian Agencies & Systems Integrators and Ellen Sundra, CISSP - Director of Systems Engineering - DOD, Forescout Technologies | Tuesday, December 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Think Like an Attacker: What You Must Know About Targeted Attack Techniques | Michael Mumcuoglu, Co-Founder, and Chief Technology Officer | Tuesday, December 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Women's CONNECT Event in partnership with ISSA International Women In Security Special Interest Group (WIS SIG) | — | Tuesday, December 15th, 5:00pm - 7:00pm | Special Events |
| Offensive Countermeasures, Active Defenses, and Internet Tough Guys | John Strand | Tuesday, December 15th, 7:15pm - 8:15pm | SANS@Night |
| The Crazy New World of Cyber Investigations: Law, Ethics and Evidence | Benjamin Wright | Tuesday, December 15th, 7:15pm - 8:15pm | SANS@Night |
| Automating Post-Exploitation with PowerShell | James Tarala | Tuesday, December 15th, 7:15pm - 8:15pm | SANS@Night |
| The Effectiveness of Microsoft's EMET | Stephen Sims | Tuesday, December 15th, 8:15pm - 9:15pm | SANS@Night |
| How to bring some Advanced Persistent Trickery to your fight against Advanced Persistent Threats... | Bryce Galbraith | Tuesday, December 15th, 8:15pm - 9:15pm | SANS@Night |
Wednesday, December 16
| Session | Speaker | Date and Time | Type |
|---|---|---|---|
| Vendor Solutions Expo | — | Wednesday, December 16th, 12:00pm - 1:30pm | Vendor Event |
| Vendor Solutions Expo | — | Wednesday, December 16th, 5:30pm - 7:30pm | Vendor Event |
| Malware Analysis for Incident Responders: Getting Started | Lenny Zeltser | Wednesday, December 16th, 7:15pm - 9:15pm | SANS@Night |
| The Tap House | Phil Hagen | Wednesday, December 16th, 7:15pm - 8:15pm | SANS@Night |
| ICS/SCADA Cyber Attacks - Fact vs. Fiction | Robert M. Lee | Wednesday, December 16th, 7:15pm - 8:15pm | SANS@Night |
| The Plinko Board of Modern Persistence Techniques | Alissa Torres | Wednesday, December 16th, 8:15pm - 9:15pm | SANS@Night |
| Debunking the Complex Password Myth | Keith Palmgren | Wednesday, December 16th, 8:15pm - 9:15pm | SANS@Night |
| GIAC Program Overview | Courtney Imbert | Wednesday, December 16th, 8:15pm - 9:15pm | Special Events |
Thursday, December 17
| Session | Speaker | Date and Time | Type |
|---|---|---|---|
| STI Lunch and Learn | — | Thursday, December 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Prevent - Detect - Respond | Derrick Masters, Security Analyst, Infogressive | Thursday, December 17th, 12:30pm - 1:15pm | Lunch and Learn |
| See Threats Coming with DomainTools | Mark Kendrick, Director of Solution Engineering | Thursday, December 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Crack the Code: Defeat the Advanced Adversary | Robert Clark, Systems Engineer, Palo Alto Networks | Thursday, December 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Foundational Cyber Security Hygiene: Getting Back to Basics | Hariom Singh, CISSP, Director of Policy Compliance | Thursday, December 17th, 12:30pm - 1:15pm | Lunch and Learn |
| CISA: How do we get past walking and actually start running with Information Sharing? | Trish Cagliostro, Principal Security Architect | Thursday, December 17th, 12:30pm - 1:15pm | Lunch and Learn |
| NetWars Tournament of Champions | Ed Skoudis, Tim Medin, and Jeff McJunkin | Thursday, December 17th, 6:30pm - 9:30pm | Special Events |
| Evolving Threats | Paul Henry | Thursday, December 17th, 7:15pm - 8:15pm | SANS@Night |
| Card Fraud 101 | G. Mark Hardy | Thursday, December 17th, 7:15pm - 8:15pm | SANS@Night |
| Building a Web Application Vulnerability Management Program | Jason Pubal - Master's Degree Candidate | Thursday, December 17th, 7:15pm - 8:15pm | Master's Degree Presentation |
| The 14 Absolute Truths of Security | Keith Palmgren | Thursday, December 17th, 8:15pm - 9:15pm | SANS@Night |
| Information Security Risk Management - No Exceptions! | Mark Williams | Thursday, December 17th, 8:15pm - 9:15pm | SANS@Night |