
Los Angeles - Long Beach 2017

Long Beach, CA | Mon, Jul 10 - Sat, Jul 15, 2017

Dissect the Phish to Hunt Infections

  • Seth Polley - Master's Degree Candidate
  • Thursday, July 13th, 7:15pm - 7:55pm

Considering the rise of phishing campaigns, there is a significantly increased risk that an organization's current external and internal defenses will fail to prevent compromise. An infrastructure of Windows hosts can be difficult to monitor or investigate when security concerns arise. Command-line process auditing can bridge these gaps, becoming an incredibly powerful tool when combined with a SIEM. Seth will present tools that can be used to audit Windows hosts, show how to analyze phishing emails utilizing a multifaceted approach, and then demonstrate methods to search for user-initiated compromises that a security stack can fail to identify. The presentation is geared towards maturing organizations wishing to move from a passive defense (reliance on static tools) to that of an active defense (hunting for suspicious/malicious activity) where they can gather information on threats to their organization and respond to an attack before it has an overwhelming impact.

Speaker Bio: Seth Polley has worked in the IT industry for over 9 years, the last 2 within Cyber Security. He currently works as a Security Operations Center (SOC) Analyst for Bechtel Corporation. Seth has nearly completed his graduate degree through the SANS MSISE program and holds an undergraduate degree in Information Technology (Information Security) through Excelsior College. He currently holds 15+ certifications; the security-related ones obtained in the past two years include Security+, CEH, GCED, GISP, GCIH, Splunk Certified Power User, GCIA, GPEN, GCCC, and GSEC.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.
  • Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.

Monday, July 10

Session | Speaker | Time | Type
General Session - Welcome to SANS | G. Mark Hardy | Monday, July 10th, 8:00am - 8:30am | Special Events
Tools and Techniques for Assessing Suspected Android Malware | Chris Crowley | Monday, July 10th, 7:15pm - 8:15pm | Keynote

Tuesday, July 11

Session | Speaker | Time | Type
Vendor Showcase | | Tuesday, July 11th, 10:30am - 10:50am | Vendor Event
Vendor Showcase | | Tuesday, July 11th, 12:15pm - 1:30pm | Vendor Event
Cisco Umbrella - Your First Line of Defense Against Ransomware and Malware | Robert McLean, Consulting Systems Engineer | Tuesday, July 11th, 12:30pm - 1:15pm | Lunch and Learn
Vendor Showcase | | Tuesday, July 11th, 3:00pm - 3:20pm | Vendor Event
Anti-Ransomware: How to Turn the Tables | G. Mark Hardy | Tuesday, July 11th, 7:15pm - 8:15pm | SANS@Night

Wednesday, July 12

Session | Speaker | Time | Type
The Red Pill. Become Aware: Squashing Security Misconceptions and More. | My-Ngoc Nguyen | Wednesday, July 12th, 7:15pm - 9:15pm | SANS@Night

Thursday, July 13

Session | Speaker | Time | Type
Dissect the Phish to Hunt Infections | Seth Polley - Master's Degree Candidate | Thursday, July 13th, 7:15pm - 7:55pm | Master's Degree Presentation