Sleeping Your Way Out of the Sandbox
- Hassan Mourad- Master's Degree Candidate
- Wednesday, September 14th, 7:15pm - 7:55pm
With over a million new malware samples per day, traditional signature base detection are failing to catch up. This created a huge demand on the security industry to offer unconventional ways to address the rising threat. One of the offered solutions was file-based sandboxing. Sandboxes were marketed as the solution for solving your malware problems, yet it is becoming trivial to evade sandbox detection. In this presentation we will discuss several ways to evade sandboxes and introduce a couple of new techniques. Our goal is to figure out if, where and how the sandbox can fit in your overall security defense and how the currently offered solutions can be enhanced to add real value to your defense strategy.
Speaker Bio: Hassan has been in the information security field for over 15 years. He is currently working as a senior security advisor for a multinational telecommunication group with focus on telecom security & threat hunting. Hassan in also an active member in the region's security community, a board member in OWASP Cairo chapter, and a regular speaker at local and regional conferences. He is currently enrolled in SANS Technology Institute working toward his Masters degree in Information Security Engineering.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
- Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Saturday, September 10
| Session | Speaker | Time | Type |
|---|---|---|---|
| GSE Lab Examination | — | Saturday, September 10th, 8:00am - 5:30pm | Special Events |
Sunday, September 11
| Session | Speaker | Time | Type |
|---|---|---|---|
| GSE Lab Examination | — | Sunday, September 11th, 8:00am - 5:30pm | Special Events |
| Securing Your Kids | Lance Spitzner | Sunday, September 11th, 7:00pm - 8:00pm | SANS@Night |
Monday, September 12
| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Bryan Simon | Monday, September 12th, 8:00am - 8:30am | Special Events |
| Women's CONNECT Event | Hosted by SANS COINS program and ISSA WIS SIG | Monday, September 12th, 6:15pm - 7:15pm | Special Events |
| An Interactive Look at Cyber Crime & Today's Threat Landscape | James Lyne & Stephen Sims | Monday, September 12th, 7:15pm - 9:15pm | Keynote |
Tuesday, September 13
| Session | Speaker | Time | Type |
|---|---|---|---|
| SANS Graduate Programs - Breakfast Information Session | Eric Patterson, Executive Director, SANS Technology Institute | Tuesday, September 13th, 7:15am - 8:15am | Special Events |
| Metadata Matters | Kurt Silberberg, Cyber Intel Analyst, Leidos Cyber | Tuesday, September 13th, 12:30pm - 1:15pm | Lunch and Learn |
| Solving Todayâs Top Problems with Firewalls | Ofer Elzam, Director of Product Management, Sophos | Tuesday, September 13th, 12:30pm - 1:15pm | Lunch and Learn |
| Supporting CIS Critical Security Controls with ForeScout | Sandeep Kumar, Director Product Marketing | Tuesday, September 13th, 12:30pm - 1:15pm | Lunch and Learn |
| Beyond IOC's- Pragmatic attacker identification | Eric Cornelius, Consulting Director, ICS | Tuesday, September 13th, 12:30pm - 1:15pm | Lunch and Learn |
| Stepwise Security - A Planned Path to Reducing Risk | Chris Webber, Security Strategist | Tuesday, September 13th, 12:30pm - 1:15pm | Lunch and Learn |
| GIAC Program Presentation | Jeff Frisk | Tuesday, September 13th, 6:15pm - 7:15pm | SANS@Night |
| Hacker Simulation Challenge - Think Like an Attacker | — | Tuesday, September 13th, 6:30pm - 8:30pm | Vendor Event |
| Using an Open Source Threat Model for Prioritized Defense | James Tarala | Tuesday, September 13th, 7:15pm - 8:15pm | SANS@Night |
| Naked and Afraid Starring Windows 10 Memory | Alissa Torres | Tuesday, September 13th, 7:15pm - 8:15pm | SANS@Night |
| Automated Intrusion Detection and Response on AWS | Teri Radichel- Master's Degree Candidate | Tuesday, September 13th, 7:15pm - 7:55pm | Master's Degree Presentation |
| CISO Success Strategies | Frank Kim | Tuesday, September 13th, 8:15pm - 9:15pm | SANS@Night |
| How to Commit Card Fraud | G. Mark Hardy | Tuesday, September 13th, 8:15pm - 9:15pm | SANS@Night |
| Security Awareness: Understanding and Managing Your Top Seven Human Risks | Lance Spitzner | Tuesday, September 13th, 8:15pm - 9:15pm | SANS@Night |
Wednesday, September 14
| Session | Speaker | Time | Type |
|---|---|---|---|
| Vendor Solutions Expo | — | Wednesday, September 14th, 12:00pm - 1:30pm | Vendor Event |
| Vendor Solutions Expo | — | Wednesday, September 14th, 5:30pm - 7:30pm | Vendor Event |
| Smartphone and Network Forensics Goes Together Like Peas and Carrots | Heather Mahalik and Phil Hagen | Wednesday, September 14th, 7:15pm - 8:15pm | SANS@Night |
| Running Away from Security: Web App Vulnerabilities and OSINT Collide | Micah Hoffman | Wednesday, September 14th, 7:15pm - 8:15pm | SANS@Night |
| Quality not Quantity: Continuous Monitoring's Deadliest Events | Eric Conrad | Wednesday, September 14th, 7:15pm - 8:15pm | SANS@Night |
| Sleeping Your Way Out of the Sandbox | Hassan Mourad- Master's Degree Candidate | Wednesday, September 14th, 7:15pm - 7:55pm | Master's Degree Presentation |
| Analyzing the Cyber Attack on the Ukrainian Power Grid | Robert M. Lee | Wednesday, September 14th, 8:15pm - 9:15pm | SANS@Night |
| The iOS of Sauron - How iOS Tracks Everything You Do | Sarah Edwards | Wednesday, September 14th, 8:15pm - 9:15pm | SANS@Night |
Thursday, September 15
| Session | Speaker | Time | Type |
|---|---|---|---|
| Keep Calm and Prioritize: Five Requirements for Streamlining Vulnerability Remediation | Jimmy Graham, Director of Product Management, AssetView and ThreatPROTECT | Thursday, September 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Fraud Threat Detection | Kris Palmer, Senior Security Engineer | Thursday, September 15th, 12:30pm - 1:15pm | Lunch and Learn |
| How to Become a SANS Instructor | Eric Conrad | Thursday, September 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Network Forensics as a Key Element in Intelligence-driven SOC Journey | Uriel Cohen, Director of Products,WireX Systems and Ondrej Krehel, CEO and Founder, LIFARS LLC | Thursday, September 15th, 12:30pm - 1:15pm | Lunch and Learn |
| If You Can't Beat 'Em Join 'Em | Grant McCracken, Application Security Engineer | Thursday, September 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Digital Investigations: Leveraging the Multitude of Records | Ben Wright | Thursday, September 15th, 7:15pm - 8:15pm | SANS@Night |
| Debunking the Complex Password Myth | Keith Palmgren | Thursday, September 15th, 7:15pm - 8:15pm | SANS@Night |
| Big Breaches: Lessons Learned from the OPM Hack | Matt Bromiley | Thursday, September 15th, 7:15pm - 8:15pm | SANS@Night |
| Inside the Defender's Sanctum with Eric Cornelius | Derek Harp | Thursday, September 15th, 8:15pm - 9:15pm | SANS@Night |
Friday, September 16
| Session | Speaker | Time | Type |
|---|---|---|---|
| Leveraging Graph Analytics for Incident Response and Threat Hunting | Colin Estep, Chief Security Officer | Friday, September 16th, 12:30pm - 1:15pm | Lunch and Learn |
