San Antonio 2014

San Antonio, TX | Mon, Aug 11 - Sat, Aug 16, 2014

How to Spy on your Employees with Memory Forensics

  • Jake Williams
  • Wednesday, August 13th, 8:15pm - 9:15pm

Many companies can't afford employee endpoint monitoring software such as SpectorPro, and yet still have the need to figure out how a rogue employee is spending his time on the job. Consider a cheaper solution for employee spying- one that makes use of native Windows services and an investigator's ninja memory analysis skills. Whether it be creating a scheduled task to send a machine to hibernate or instantiating an unsuspected memory dump, targeted employee spying can be done on the cheap. Through process enumeration, browsing history reconstruction and memory-mapped file extraction, watch as your presenters piece together what our trusted insider was doing on their company computer, unbeknownst to his boss. Even if you don't have the need to covertly investigate a rogue employee (yet), this talk will arm you the knowledge to know what is within the realm of the possible.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
Monday, August 11
Session Speaker Time Type
General Session - Welcome to SANS Johannes Ullrich Monday, August 11th, 8:15am - 8:45am Special Events
The Bot Inside the Machine Johannes Ullrich Monday, August 11th, 7:15pm - 9:15pm Keynote
Tuesday, August 12
Session Speaker Time Type
Weaponizing Cybercurrencies G. Mark Hardy Tuesday, August 12th, 7:15pm - 8:15pm SANS@Night
Infosec Rock Star: How to be a More Effective Security Professional Ted Demopoulos Tuesday, August 12th, 8:15pm - 9:15pm SANS@Night
Wednesday, August 13
Session Speaker Time Type
The 13 Absolute Truths of Security Keith Palmgren Wednesday, August 13th, 7:15pm - 8:15pm SANS@Night
How to Spy on your Employees with Memory Forensics Jake Williams Wednesday, August 13th, 8:15pm - 9:15pm SANS@Night
Thursday, August 14
Session Speaker Time Type
Debunking the Complex Password Myth Keith Palmgren Thursday, August 14th, 7:15pm - 8:15pm SANS@Night
WiCat - a covert channel in WiFi. Ron Hamann Thursday, August 14th, 8:15pm - 9:15pm SANS@Night