
San Diego 2017

San Diego, CA | Mon, Oct 30, 2017 - Sat, Nov 4, 2017

Introducing DeepBlueCLI; A PowerShell Module for Hunt Teaming via Windows Event Logs

  • Eric Conrad
  • Wednesday, November 1st, 7:15pm - 8:15pm

A number of events are triggered in Windows environments during virtually every successful breach. These include service creation events and errors, user creation events, extremely long command lines, compressed and base64-encoded PowerShell functions, and more. Microsoft has added a wealth of blue team tools to its operating systems, including native support for logging the full command line used to launch every process, without requiring third-party tools (or Sysmon). KB3004375 adds this feature to Windows 7 and Server 2008R2. DeepBlueCLI can automatically identify the events that are typically triggered during most successful breaches, including the use of malicious command lines, PowerShell among them.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
Monday, October 30

Session | Speaker | Time | Type
General Session - Welcome to SANS | Bryan Simon | Monday, October 30th, 8:00am - 8:30am | Special Events
Actionable Detects: Blue Team Cyber Defense Tactics | Seth Misenar | Monday, October 30th, 7:15pm - 9:15pm | Keynote

Tuesday, October 31

Session | Speaker | Time | Type
State of the Dark Web | Matt Edmondson | Tuesday, October 31st, 7:15pm - 8:15pm | SANS@Night
Anti-Ransomware: How to Turn the Tables | G. Mark Hardy | Tuesday, October 31st, 8:15pm - 9:15pm | SANS@Night

Wednesday, November 1

Session | Speaker | Time | Type
Introducing DeepBlueCLI; A PowerShell Module for Hunt Teaming via Windows Event Logs | Eric Conrad | Wednesday, November 1st, 7:15pm - 8:15pm | SANS@Night