Join us for the FREE Cyber Defense Forum | Live Online on October 9

Open-Source Intelligence Summit

Alexandria, VA | Tue, Feb 18 - Mon, Feb 24, 2020
This event is over,
but there are more training opportunities.

Living Off the Land: Red Team Survival Tactics

  • Alissa Torres
  • Wednesday, February 19th, 6:15pm - 7:15pm

Adversaries must evade and survive to win! As visibility increases for both network and host detection, attackers are walking a tightrope, having to bypass whitelisting, circumvent exploit mitigation protections, and slip past network and host-based signature and behavior detection systems to meet mission objectives. Ask any survivalist - when in hostile terrain, it is best to live off the land! With LOLBins, attackers with a little knowledge of Windows Internals (or just the right tricks in their toolbag) repurpose native Windows utilities to download additional payloads, establish persistence, perform discovery and accomplish exfiltration. Blue teams struggle to detect these techniques since they blend into the white-noise of normal operations. Join us for a walk-through of some of the best of LOLBins from recent attacks.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Lunch & Learn: Short presentations given during the lunch break.
Tuesday, February 18
Session Speaker Time Type
Using Skopenow to Automate OSINT Practices Robert Douglas, CEO Tuesday, February 18th, 12:10pm - 1:30pm Lunch and Learn
OSINT Summit Reception Tuesday, February 18th, 5:15pm - 7:15pm Reception
Wednesday, February 19
Session Speaker Time Type
Living Off the Land: Red Team Survival Tactics Alissa Torres Wednesday, February 19th, 6:15pm - 7:15pm SANS@Night
You don't know HIPAA! Doc Blackburn Wednesday, February 19th, 7:15pm - 8:15pm SANS@Night
Thursday, February 20
Session Speaker Time Type
Moving Past Just Googling It: Harvesting and Using OSINT Micah Hoffman Thursday, February 20th, 7:15pm - 8:15pm SANS@Night