The Tap House
- Philip Hagen
- Wednesday, December 14th, 8:15pm - 9:15pm
Packets move pretty fast. The field of Network Forensics needs to move fast, too. Whether you are investigating a known incident, hunting unidentified adversaries in your environment, or enriching forensic findings from disk- and memory-based examinations, it's critical to stay abreast of the latest developments in the discipline.
In this @Night talk, Phil Hagen will discuss some of the latest technologies, techniques, and tools that you'll want to know in pursuit of forensication nirvana.
Phil is also an avid craft beer fan, so there's a good chance you'll learn something about a new notable national or interesting local beer in the process.
This presentation will be helpful for those who wish to keep up-to-date on the most cutting-edge facets of Network Forensics.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
- Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Sunday, December 11
| Session | Speaker | Time | Type |
|---|---|---|---|
| Securing Your Kids | Lance Spitzner | Sunday, December 11th, 7:00pm - 8:00pm | SANS@Night |
Monday, December 12
| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Bryan Simon | Monday, December 12th, 8:00am - 8:30am | Special Events |
| What's New for Security in Microsoft Windows Server 2016 and Windows 10? | Jason Fossen | Monday, December 12th, 7:15pm - 9:15pm | Keynote |
Tuesday, December 13
| Session | Speaker | Time | Type |
|---|---|---|---|
| Manual Threat Intelligence Management - Doing it the Hard Way | Chris Black, Sr. Sales Engineer | Tuesday, December 13th, 12:30pm - 1:15pm | Lunch and Learn |
| Exploit Prevention: Stop ransomware, zero-day and modern attacks before they get in | Matt Hickey, Director, Sales Engineering | Tuesday, December 13th, 12:30pm - 1:15pm | Lunch and Learn |
| Modern Mobility Ushers in a New Age of Security | Sean Frazier, Chief Technical Evangelist | Tuesday, December 13th, 12:30pm - 1:15pm | Lunch and Learn |
| Adaptive Network Automation Framework in support of Cyber Defense | Richard Larkin, Sr. Network Engineer | Tuesday, December 13th, 12:30pm - 1:15pm | Lunch and Learn |
| Building the business case for IT Vendor Risk Management | French Caldwell, Chief Evangelist | Tuesday, December 13th, 12:30pm - 1:15pm | Lunch and Learn |
| GIAC Program Presentation | Scott Cassity | Tuesday, December 13th, 6:15pm - 7:15pm | SANS@Night |
| Women's CONNECT Event | Hosted by SANS COINS program and ISSA WIS SIG | Tuesday, December 13th, 6:15pm - 9:15pm | Special Events |
| Test your Cyber Security skills through Gaming with Project Ares | Circadence | Tuesday, December 13th, 6:30pm - 8:30pm | Vendor Event |
| Security Awareness: Understanding and Managing Your Top Seven Human Risks | Lance Spitzner | Tuesday, December 13th, 7:15pm - 8:15pm | SANS@Night |
| (CS)2AI Special Event: Control System Cyber Security Association International | Derek Harp and Mike Assante | Tuesday, December 13th, 7:15pm - 8:15pm | Special Events |
| Using Splunk to Detect DNS Tunneling | Steve Jaworski | Tuesday, December 13th, 7:15pm - 7:55pm | Master's Degree Presentation |
| Analysis of the Cyber Attack on the Ukrainian Power Grid | Robert M. Lee | Tuesday, December 13th, 8:15pm - 9:15pm | SANS@Night |
| Current and Future Trends in Digital Investigative Analysis | Ovie Carroll | Tuesday, December 13th, 8:15pm - 9:15pm | SANS@Night |
| Gh0st in the Dshell: Decoding Undocumented Protocols | David Martin | Tuesday, December 13th, 8:15pm - 8:55pm | Master's Degree Presentation |
Wednesday, December 14
| Session | Speaker | Time | Type |
|---|---|---|---|
| Solutions Expo | — | Wednesday, December 14th, 12:00pm - 1:30pm | Vendor Event |
| Solutions Expo | — | Wednesday, December 14th, 5:30pm - 7:30pm | Vendor Event |
| The iOS of Sauron - How iOS Tracks Everything You Do | Sarah Edwards | Wednesday, December 14th, 7:15pm - 8:15pm | SANS@Night |
| CISSP - How to Get the Certification that Matters the Most | David R. Miller | Wednesday, December 14th, 7:15pm - 8:15pm | SANS@Night |
| Collecting Windows Installed Software Details | Jonathan Risto | Wednesday, December 14th, 7:15pm - 7:55pm | Master's Degree Presentation |
| DLP FAIL!!! Using Encoding, Steganography, and Covert Channels to Evade DLP and Other Critical Controls | Kevin Fiscus | Wednesday, December 14th, 8:15pm - 9:15pm | SANS@Night |
| The Tap House | Philip Hagen | Wednesday, December 14th, 8:15pm - 9:15pm | SANS@Night |
| Using Vagrant to Create Repeatable and Sharable Research Environments | Shaun McCullough | Wednesday, December 14th, 8:15pm - 8:55pm | Master's Degree Presentation |
Thursday, December 15
| Session | Speaker | Time | Type |
|---|---|---|---|
| Moving Cybersecurity Forward: Introducing Apache Spot | Rocky DeStefano, SME | Thursday, December 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Keep Calm and Prioritize: Five Requirements for Streamlining Vulnerability Remediation | Jimmy Graham, Director of Product Management | Thursday, December 15th, 12:30pm - 1:15pm | Lunch and Learn |
| It'll Be Easy, They Said: Building a Dark Web Crawler | Alex Viana, VP of Engineering | Thursday, December 15th, 12:30pm - 1:15pm | Lunch and Learn |
| How to Become a SANS Instructor | Eric Conrad | Thursday, December 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Lets Plan an APT | Guy Franco, CTO Javelin Networks/Former Israeli Intelligence Unit | Thursday, December 15th, 12:30pm - 1:15pm | Lunch and Learn |
| All About that Base64 no RATS | Allan Liska, Senior Solutions Architect | Thursday, December 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Maintaining a Digital Evidence Program in an Ever-Changing Environment | Charles Mallery | Thursday, December 15th, 5:30pm - 6:30pm | Special Events |
| NetWars Tournament of Champions | Hosted by Jeff McJunkin | Thursday, December 15th, 6:30pm - 9:30pm | Special Events |
| Quality not Quantity: Continuous Monitoring's Deadliest Events | Eric Conrad | Thursday, December 15th, 7:15pm - 8:15pm | SANS@Night |
| Prioritizing Your Security Program | Keith Palmgren | Thursday, December 15th, 7:15pm - 8:15pm | SANS@Night |
| Portable NFAT Tools, Techniques, and System Build | Don Murdoch | Thursday, December 15th, 7:15pm - 7:55pm | Master's Degree Presentation |
| Open-Source Intelligence (OSINT) Tips for Malware Investigations | Lenny Zeltser | Thursday, December 15th, 8:15pm - 9:15pm | SANS@Night |
Friday, December 16
| Session | Speaker | Time | Type |
|---|---|---|---|
| Trustworthiness with Cyber-Physical Systems (CPS) | Paul Shaw & Chris Newborn | Friday, December 16th, 5:30pm - 6:30pm | Special Events |
| NetWars Tournament of Champions | Hosted by Jeff McJunkin | Friday, December 16th, 6:30pm - 9:30pm | Special Events |
