
London 2015

London, United Kingdom | Sat, Nov 14 - Mon, Nov 23, 2015

Hunting Your Adversary - How to Operate and Leverage an Incident Response Hunt Team

  • Rob Lee
  • Wednesday, November 18th, 7:00pm - 8:00pm

Over 80% of all breach victims learn of a compromise from third-party notifications, not from internal security teams. In most cases, adversaries have been rummaging through your network undetected for months or even years. Incident response tactics and procedures have evolved rapidly over the past several years. Data breaches and intrusions are growing more complex. Adversaries are no longer compromising one or two systems in your enterprise; they are compromising hundreds. To counter this, many incident response teams are either responding to incidents or hunting for the next ones. As a result, Incident Response Hunt teams have become a dedicated component of most modern SOCs. Incident response techniques that collect, classify, and exploit knowledge about these adversaries - collectively known as cyber threat intelligence - enable network defenders to establish a state of information superiority that decreases the adversary's likelihood of success with each subsequent intrusion attempt. Learn how IR/Hunt teams are formed, how they operate, what best practices they follow, and how they engage their targets across the enterprise. Learn how to hunt your adversaries or simply become another victim.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.

Monday, November 16

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| Welcome to SANS | James Lyne | Monday, November 16th, 8:15am - 8:45am | Special Events |
| Evolving Threats & Defences | Paul Henry | Monday, November 16th, 6:00pm - 8:00pm | Keynote |

Tuesday, November 17

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| Clean-Up in Datacentre Aisle 7 | Steve Armstrong | Tuesday, November 17th, 6:00pm - 7:00pm | SANS@Night |
| How to bring some Advanced Persistent Trickery to your fight against Advanced Persistent Threats... | Bryce Galbraith | Tuesday, November 17th, 7:00pm - 8:00pm | SANS@Night |

Wednesday, November 18

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| The Making of: The Good, The Bad and The Ugly | Raul Siles | Wednesday, November 18th, 6:00pm - 7:00pm | SANS@Night |
| Hunting Your Adversary - How to Operate and Leverage an Incident Response Hunt Team | Rob Lee | Wednesday, November 18th, 7:00pm - 8:00pm | SANS@Night |

Thursday, November 19

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| Secure at the (Software) Source | Pieter Danhieux | Thursday, November 19th, 6:00pm - 7:00pm | SANS@Night |
| Dissecting the Latest and Greatest Malware Attacks | Jess Garcia | Thursday, November 19th, 7:00pm - 8:00pm | SANS@Night |