Know Thyself: Brian Krebs is a Nice Guy But You Don't Want Him Writing About You
- Ryan Johnson
- Wednesday, October 22nd, 8:15pm - 9:15pm
We are often asked to come into an organization and answer the question, "Are we owned?" Many times when we try to answer that question, we're faced with the ultimate security and forensics dilemma: they don't have any data to help you answer the question. No firewall logs. No full packet capture. No idea what should be on their endpoint systems. No idea what should be transiting their network. Nothing.
In this talk, Ryan will talk about a method that he uses to help answer the question. Ryan will describe how you can look across the entire organization and get a snapshot assessment of the compromise status of the enterprise using all your lethal forensicator knowledge, progressively narrowing down the massive dataset to something more manageable.
Ryan is a director and lead incident responder in the cyber division of consulting firm Alvarez & Marsal. He was a co-owner of Forward Discovery where he was the lead incident responder and supported the creation and maintenance of the Raptor acquisition tool. Ryan has been investigating crimes in the digital realm for more than 10 years including performing media exploitation for the US Army in Iraq.
Ryan has run multiple large-scale breach investigations and also provides clients with proactive assessments that help them identify both security gaps and systems that are already compromised. Ryan teaches with the US State Department's Anti-Terrorism Assistance program and is a co-author of several of their digital forensics courses. Ryan co-authored Mastering Windows Network Forensics and Investigations, Second Edition.
Ryan's industry credentials include: GIAC Certified Incident Handler (GCIH), Certified Forensic Computer Examiner (CFCE), Digital Forensics Certified Professional (DFCP), EnCase Certified Examiner (EnCE), and Payment Card Industry Professional (PCIP). He earned an M.S. from Dalhousie University and a B.S. from Queen's University.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
- Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.

| Event | Speaker | Date and Time | Type |
|---|---|---|---|
| Registration Welcome Reception | — | Sunday, October 19th, 5:00pm - 7:00pm | Special Events |
| Women in Technology Meet and Greet | — | Sunday, October 19th, 7:00pm - 8:00pm | Reception |
| General Session - Welcome to SANS | Dr. Eric Cole | Monday, October 20th, 8:15am - 8:45am | Special Events |
| Breaking and Fixing Critical Infrastructure | Justin Searle, Managing Partner - UtiliSec | Monday, October 20th, 12:30pm - 1:15pm | Lunch and Learn |
| SANS Technology Institute Open House | Bill Lockhart, Executive Director, SANS Technology Institute | Monday, October 20th, 6:00pm - 7:00pm | Special Events |
| APT: It is Time to Act | Dr. Eric Cole | Monday, October 20th, 7:15pm - 9:15pm | Keynote |
| Beyond the Breach - A Look Into the Latest Threat Trends | Marshall Heilman, Managing Director, Mandiant, a FireEye Company | Tuesday, October 21st, 12:30pm - 1:15pm | Lunch and Learn |
| Simplify Your Security Operations with One Solution for Detecting Advanced Malware and Exploitable Vulnerabilities | Speaker: Narayan Makaram, Product Marketing Manager, Tenable Network Security, Inc. | Tuesday, October 21st, 12:30pm - 1:15pm | Lunch and Learn |
| Fortinet Next Generation Firewalls | Justin Kallhoff, Founder, Infogressive | Tuesday, October 21st, 12:30pm - 1:15pm | Lunch and Learn |
| Continuous Monitoring & Mitigation | Eric Vanderbur, Systems Engineer, ForeScout Technologies | Tuesday, October 21st, 12:30pm - 1:15pm | Lunch and Learn |
| Continuous Security Intelligence with the SANS Critical Security Controls | Vijay Basani, President/CEO, EiQ Networks | Tuesday, October 21st, 12:30pm - 1:15pm | Lunch and Learn |
| Expose the Underground: Malware from the eyes of the Attacker | Erik Yunghans, Consulting Engineer, PaloAlto Networks | Tuesday, October 21st, 12:30pm - 1:15pm | Lunch and Learn |
| Predictive Threat Intelligence: Connecting the Dots to Block Unknown Perimeter Threats | Presented by Chris Jacob, WEBROOT Strategic Alliances | Tuesday, October 21st, 12:30pm - 1:15pm | Lunch and Learn |
| Malware Analysis Essentials Using REMnux | Lenny Zeltser | Tuesday, October 21st, 7:15pm - 8:15pm | SANS@Night |
| An Introduction to PowerShell for Security Assessments | James Tarala | Tuesday, October 21st, 7:15pm - 8:15pm | SANS@Night |
| The 13 Absolute Truths of Security | Keith Palmgren | Tuesday, October 21st, 7:15pm - 8:15pm | SANS@Night |
| Straddling the Next Frontier: How Quantum Technologies Have Already Begun Impacting the Cyber Security Landscape. | Eric Jodoin - Master's Degree Candidate | Tuesday, October 21st, 7:15pm - 7:55pm | Master's Degree Presentation |
| The Great Browser Schism: How to Analyze IE10 & IE11 | Chad Tilbury | Tuesday, October 21st, 8:15pm - 9:15pm | SANS@Night |
| Evolving Threats | Paul A. Henry | Tuesday, October 21st, 8:15pm - 9:15pm | SANS@Night |
| Risky Business | Robert Sorensen - Master's Degree Candidate | Tuesday, October 21st, 8:15pm - 8:55pm | Master's Degree Presentation |
| Vendor Solutions Expo | — | Wednesday, October 22nd, 12:00pm - 1:30pm | Vendor Event |
| Vendor Solutions Expo | — | Wednesday, October 22nd, 5:30pm - 7:30pm | Vendor Event |
| How Not to Suck at Pentesting | John Strand | Wednesday, October 22nd, 7:15pm - 8:15pm | SANS@Night |
| Weaponizing Digital Currency | G. Mark Hardy | Wednesday, October 22nd, 7:15pm - 8:15pm | SANS@Night |
| Debunking the Complex Password Myth | Keith Palmgren | Wednesday, October 22nd, 7:15pm - 8:15pm | SANS@Night |
| Finding the Wolf in Sheep's Clothing: Integrating Identity into Intrusion Detection | Courtney Imbert - Master's Degree Candidate | Wednesday, October 22nd, 7:15pm - 7:55pm | Master's Degree Presentation |
| SANS 8 Mobile Device Security Steps | Chris Crowley | Wednesday, October 22nd, 8:15pm - 9:15pm | SANS@Night |
| Know Thyself: Brian Krebs is a Nice Guy But You Don't Want Him Writing About You | Ryan Johnson | Wednesday, October 22nd, 8:15pm - 9:15pm | SANS@Night |
| The Cost of Bad Project Management | George Khalil - Master's Degree Candidate | Wednesday, October 22nd, 8:15pm - 8:55pm | Master's Degree Presentation |
| Connecting Your Business to the Unsecured Internet - The DDoS Threat | Stephen Gates, Security Evangelist, Corero | Thursday, October 23rd, 12:30pm - 1:15pm | Lunch and Learn |
| Stay Ahead of the Adversary with Network Security Analytics | H. Michael Nichols, Senior Manager, Sales Engineering, General Dynamics Fidelis Cybersecurity Solutions | Thursday, October 23rd, 12:30pm - 1:15pm | Lunch and Learn |
| Retina Vulnerability Management: The Best-Kept Secret in Security | Jason Williams, Security Engineer, BeyondTrust | Thursday, October 23rd, 12:30pm - 1:15pm | Lunch and Learn |
| Automated Attack Simulation - Network Pen-Testing the Easy Way | Sean Keef, Director, Sales Engineering, Skybox Security | Thursday, October 23rd, 12:30pm - 1:15pm | Lunch and Learn |
| All Your Metadatas Are Belong To Me: Reverse Engineering Emails on an Enterprise Level | Ronnie Tokazowski, Senior Researcher, PhishMe | Thursday, October 23rd, 12:30pm - 1:15pm | Lunch and Learn |
| The Law of Offensive Countermeasures, Active Defense or Whatever You Wanna Call It | Benjamin Wright | Thursday, October 23rd, 7:15pm - 8:15pm | SANS@Night |
| Windows Exploratory Surgery with Process Hacker | Jason Fossen | Thursday, October 23rd, 7:15pm - 8:45pm | SANS@Night |
| Compli-promised: Balancing with Risk Mgt | My-Ngoc Nguyen | Thursday, October 23rd, 7:15pm - 8:15pm | SANS@Night |
| Analysis of Meterpreter During Post-Exploitation | Kiel Wadner - Master's Degree Candidate | Thursday, October 23rd, 7:15pm - 7:55pm | Master's Degree Presentation |
| GIAC Program Overview | Jeff Frisk | Thursday, October 23rd, 8:15pm - 8:45pm | Special Events |
| Sushi-grade Smartphone Forensics on a Ramen Noodle Budget | Heather Mahalik | Thursday, October 23rd, 8:15pm - 9:15pm | SANS@Night |
| Logs, Logs, Every Where / Nor Any Byte to Grok | Phil Hagen | Thursday, October 23rd, 8:15pm - 9:15pm | SANS@Night |
| The Bot Inside the Machine | Johannes Ullrich | Friday, October 24th, 7:15pm - 8:15pm | SANS@Night |
| Security Awareness Metrics: Measuring Human Behavior | Lance Spitzner | Friday, October 24th, 7:15pm - 8:15pm | SANS@Night |
| Securing The Kids | Lance Spitzner | Friday, October 24th, 8:15pm - 9:15pm | SANS@Night |