DFIR Summit

Austin, TX | Tue, Jul 7 - Tue, Jul 14, 2015

The Plinko Board of Modern Persistence Techniques

  • Alissa Torres, Certified Instructor, SANS Institute
  • Friday, July 10th, 7:00pm - 8:00pm

No matter what techniques an attacker employs to hide and persist on compromised remote systems, we must be up for the challenge to detect, analyze and remediate. This session focuses on the latest techniques modern malware is using to ensure continued presence in your network. As detailed in recently released industry threat intelligence reports, these methods are increasing in sophistication and are often missed by forensics tools developed only to enumerate common autorun and service persistence methods. In this presentation, we will cover advanced detection techniques, pivoting from physical memory analysis to the examination of remnants found on the file system.

Alissa Torres is a certified SANS instructor, specializing in advanced computer forensics and incident response. Her industry experience includes serving in the trenches as part of the Mandiant Computer Incident Response Team (MCIRT) as an incident handler and working on an internal security team as a digital forensic investigator. She has extensive experience in information security, spanning government, academic, and corporate environments, and holds a Bachelor's degree from the University of Virginia and a Master's from the University of Maryland in Information Technology. Alissa has taught as an instructor at the Defense Cyber Investigations Training Academy (DCITA), delivering incident response and network basics to security professionals entering the forensics community. She has presented at various industry conferences and numerous B-Sides events. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.

Additional Sessions

Session | Speaker | Type
Live Broadcast | | Special Events

Tuesday, July 7

Session | Speaker | Time | Type
Vendor Solutions Expo | | Tuesday, July 7th, 10:10am - 10:30am | Vendor Event
Vendor Solutions Expo | | Tuesday, July 7th, 3:45pm - 4:05pm | Vendor Event
DFIR Night in Austin | | Tuesday, July 7th, 7:00pm - 9:00pm | Reception

Wednesday, July 8

Session | Speaker | Time | Type
Vendor Solutions Expo | | Wednesday, July 8th, 9:45am - 10:15am | Vendor Event
The Power of 3 | | Wednesday, July 8th, 12:00pm - 1:00pm | Lunch and Learn
Vendor Solutions Expo | | Wednesday, July 8th, 3:00pm - 3:20pm | Vendor Event

Thursday, July 9

Session | Speaker | Time | Type
CSI and Blackhat Scorpions: From Hollywood to Keyboard | Robert M. Lee, Instructor, SANS Institute | Thursday, July 9th, 6:00pm - 7:00pm | SANS@Night
Preparing for PowerShellmageddon - Investigating Windows Command Line Activity | Chad Tilbury, Senior Instructor, SANS Institute | Thursday, July 9th, 7:00pm - 8:00pm | SANS@Night

Friday, July 10

Session | Speaker | Time | Type
The Tap House | Phil Hagen, Certified Instructor, SANS Institute | Friday, July 10th, 6:00pm - 7:00pm | SANS@Night
The Plinko Board of Modern Persistence Techniques | Alissa Torres, Certified Instructor, SANS Institute | Friday, July 10th, 7:00pm - 8:00pm | SANS@Night