Cyber Skills Training at SANS San Diego 2017. Save $200 thru 9/27.

Rocky Mountain 2017

Denver, CO | Mon, Jun 12 - Sat, Jun 17, 2017
This event is over,
but there are more training opportunities.

Dissecting various real-world DGA variants

  • Sean Ennis, Senior Systems Engineer, Cybereason
  • Tuesday, June 13th, 12:30pm - 1:15pm

Attackers often turn to DGAs to generate large numbers of random Internet addresses to link to C&C servers. DGAs are an effective covert communication method. They are relatively easy to implement, difficult to block, almost impossible to predict in advance, and can be quickly modified if the previously used algorithm becomes known.

Instead of traditional detection methods that tend to look for each DGA variant separately, (the Cybereason platform) look(s) for behaviors associated with DGAs. Just detecting a DGA incriminates a process as malicious since no legitimate process will ever use such a technique.

Join Cybereason‚s Sean Ennis, Senior Systems Engineer as he dissects eight specific DGA methods currently being used by malware and exploit kits. Also, learn to identify DGA communication patterns and see how behavioral DGA detection actually works in a corporate scenario.

Cybereason

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Lunch & Learn: Short presentations given during the lunch break.
Monday, June 12
Session Speaker Time Type
General Session - Welcome to SANS Keith Palmgren Monday, June 12th, 8:00am - 8:30am Special Events
Welcome Threat Hunters, Phishermen, and Other Liars Rob Lee Monday, June 12th, 7:15pm - 9:15pm Keynote
Tuesday, June 13
Session Speaker Time Type
Dissecting various real-world DGA variants Sean Ennis, Senior Systems Engineer, Cybereason Tuesday, June 13th, 12:30pm - 1:15pm Lunch and Learn
Soc-as-a-Service: All the Benefits of a Security Operations Center without the High Costs of a DIY Solution James McCarthy, Systems Engineer, Arctic Wolf Networks Tuesday, June 13th, 12:30pm - 1:15pm Lunch and Learn
Women's CONNECT Event Hosted by SANS COINS program and ISSA WIS SIG Tuesday, June 13th, 6:00pm - 9:15pm Special Events
Quality not Quantity: Continuous Monitoring's Deadliest Events Eric Conrad Tuesday, June 13th, 7:15pm - 8:15pm SANS@Night
Anti-Ransomware: How to Turn the Tables G. Mark Hardy Tuesday, June 13th, 8:15pm - 9:15pm SANS@Night
Wednesday, June 14
Session Speaker Time Type
How to Become a SANS Instructor Eric Conrad Wednesday, June 14th, 12:30pm - 1:15pm Lunch and Learn
SANS Graduate Program - Prospective Student Social Wednesday, June 14th, 5:15pm - 7:15pm Special Events
So, You Wanna Be a Pentester? Adrien de Beaupre Wednesday, June 14th, 7:15pm - 8:15pm SANS@Night
Collecting and Exploiting Your ''Private" Internet Data using OSINT Micah Hoffman Wednesday, June 14th, 8:15pm - 9:15pm SANS@Night
Thursday, June 15
Session Speaker Time Type
Internet of Things (IoT) and Embedded Device Security Research - A Primer Billy Rios Thursday, June 15th, 7:15pm - 8:15pm SANS@Night