The Plinko Board of Modern Persistence Techniques
- Alissa Torres, Certified Instructor, SANS Institute
- Friday, July 10th, 7:00pm - 8:00pm
No matter what techniques an attacker employs to hide and persist on compromised remote systems, we must be up for the challenge: to detect, analyze and remediate. This session focuses on the latest techniques modern malware is using to ensure continued presence in your network. As detailed in recently released industry threat intelligence reports, these methods are increasing in sophistication and are often missed by forensics tools developed only to enumerate common autorun and service persistence methods. In this presentation, we will cover advanced detection techniques, pivoting from physical memory analysis to the examination of remnants found on the file system.
Alissa Torres is a certified SANS instructor, specializing in advanced computer forensics and incident response. Her industry experience includes serving in the trenches as part of the Mandiant Computer Incident Response Team (MCIRT) as an incident handler and working on an internal security team as a digital forensic investigator. She has extensive experience in information security, spanning government, academic, and corporate environments, and holds a Bachelor's degree from the University of Virginia and a Master's from the University of Maryland in Information Technology. Alissa has taught as an instructor at the Defense Cyber Investigations Training Academy (DCITA), delivering incident response and network basics to security professionals entering the forensics community. She has presented at various industry conferences and numerous B-Sides events. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
|Live Broadcast||—||Special Events|
Tuesday, July 7
Wednesday, July 8
Thursday, July 9
| Session | Speaker | Date and time | Type |
|---|---|---|---|
| CSI and Blackhat Scorpions: From Hollywood to Keyboard | Robert M. Lee, Instructor, SANS Institute | Thursday, July 9th, 6:00pm - 7:00pm | SANS@Night |
| Preparing for PowerShellmageddon - Investigating Windows Command Line Activity | Chad Tilbury, Senior Instructor, SANS Institute | Thursday, July 9th, 7:00pm - 8:00pm | SANS@Night |