There Has To Be a Better Way.
- Will Irace, Director of Research & Services
- Monday, September 19th, 12:30pm - 1:15pm
Infection! Now what?
Find the pcap. Locate the suspicious SMTP session. Extract the multipart MIME message. Decode the Base64 blob. Unpack the Zip. Parse the PDF. Divine the location of the compressed JavaScript. Decompress its deflate stream. If you're very lucky, and very very good, you'll complete this task before three more outbreaks are waiting in your queue.
In this session we'll present a new paradigm for efficiently visualizing and analyzing sessions, payloads and metadata. We'll introduce the "session decoding tree" and present a policy framework that addresses its every leaf. Then we'll show you a technology that can apply your policies to multi-gigabit traffic fast enough to kill the bad stuff using this framework.
Will Irace started his infosec career at Internet Security Systems in 2001. Today he's Director of Research & Services-and junior author of cryptographic puzzles-at Fidelis Security Systems.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
Monday, September 19
| Session | Speaker | Time | Type |
|---|---|---|---|
| The Dark Side of Social Networks: Malware & Fraud | Dr. Paul Judge, Chief Research Officer | Monday, September 19th, 12:30pm - 1:15pm | Lunch and Learn |
| Spear Phishing: The truth behind Night Dragon, Aurora, and APT | Rohyt Belani, CEO, PhishMe Inc. | Monday, September 19th, 12:30pm - 1:15pm | Lunch and Learn |
| Unified Security Monitoring | Serge Nadon, Sales Engineer | Monday, September 19th, 12:30pm - 1:15pm | Lunch and Learn |
| Eyes on the Prize: Protecting Your Valuable Assets | Shawn Munoz, Senior Sales Engineer, ArcSight - an HP Company | Monday, September 19th, 12:30pm - 1:15pm | Lunch and Learn |
| There Has To Be a Better Way. | Will Irace, Director of Research & Services | Monday, September 19th, 12:30pm - 1:15pm | Lunch and Learn |
| How to Become a SANS Instructor | Eric Conrad | Monday, September 19th, 12:30pm - 1:15pm | Special Events |
Tuesday, September 20
| Session | Speaker | Time | Type |
|---|---|---|---|
| Vendor Expo | — | Tuesday, September 20th, 12:00pm - 1:30pm Tuesday, September 20th, 5:00pm - 7:00pm |
Vendor Event |
| Vendor Sponsored Lunch Session | — | Tuesday, September 20th, 12:00pm - 1:30pm | Vendor Event |
| Vendor Welcom Reception | — | Tuesday, September 20th, 5:00pm | Vendor Event |
| Book Signing - SANS Published Authors | — | Tuesday, September 20th, 6:00pm - 6:30pm | Vendor Event |
| Securing The Kids | Lance Spitzner | Tuesday, September 20th, 7:15pm - 8:15pm | SANS@Night |
| Securing The Human | Lance Spitzner | Tuesday, September 20th, 8:15pm - 9:15pm | SANS@Night |
Wednesday, September 21
| Session | Speaker | Time | Type |
|---|---|---|---|
| Building Trusted Clouds | Ravi Kumar, Group Manager | Wednesday, September 21st, 12:30pm - 1:15pm | Lunch and Learn |
| Efficient Vulnerability Management with Penetration Testing | Alex Horan, Project Manager | Wednesday, September 21st, 12:30pm - 1:15pm | Lunch and Learn |
| Building an APT Protection Plan | Joshua McCarthy, Systems Consulting Engineer | Wednesday, September 21st, 12:30pm - 1:15pm | Lunch and Learn |
| Adding Rich Access Control and Audit Logging to Windows Applications | Andy Milford and Andy Hopper | Wednesday, September 21st, 12:30pm - 1:15pm | Lunch and Learn |
| Network Security Evolved: Enabling DNSSEC | Johannes Ullrich, Ph.D. | Wednesday, September 21st, 6:15pm - 7:15pm | SANS@Night |
| Windows Exploratory Surgery with Process Hacker | Jason Fossen | Wednesday, September 21st, 8:15pm - 9:15pm | SANS@Night |
Thursday, September 22
| Session | Speaker | Time | Type |
|---|---|---|---|
| GIAC Program Overview | Jeff Frisk | Thursday, September 22nd, 6:00pm - 7:00pm | Special Events |
| Big Brother Forensics: You Can Run but You Can't Hide! | Chad Tilbury | Thursday, September 22nd, 6:15pm - 8:45pm | SANS@Night |
| NetWars | — | Thursday, September 22nd, 6:30pm - 9:30pm | Special Events |
| SANS Technology Institute Brief | Stephen Northcutt | Thursday, September 22nd, 7:00pm - 7:45pm | Special Events |
| Emerging Trends in the Law of Information Security and Investigations | Ben Wright | Thursday, September 22nd, 7:15pm - 8:15pm | SANS@Night |
| How to Steal a Million: Exploitation in a Web-connected World | Kevin Johnson | Thursday, September 22nd, 8:15pm - 9:15pm | SANS@Night |
Friday, September 23
| Session | Speaker | Time | Type |
|---|---|---|---|
| NetWars | — | Friday, September 23rd, 6:30pm - 9:30pm | Special Events |
| Iron Fan III | — | Friday, September 23rd, 7:00pm | Special Events |
| Who is Watching the Watchers? | Mike Poor | Friday, September 23rd, 7:15pm - 8:15pm | SANS@Night |
| Pentesting Web Apps with Python | Justin Searle | Friday, September 23rd, 7:15pm - 8:15pm | SANS@Night |
