SANS 2014

Orlando, FL | Sat, Apr 5 - Mon, Apr 14, 2014

APT Attacks Exposed: Network, Host, Memory, and Malware Analysis

  • Rob Lee, Ovie Carroll, Alissa Torres, Phil Hagen, and Lenny Zeltser
  • Monday, April 7th, 7:15pm - 9:15pm

For many years, professionals have been asking to see real APT data in a way that shows them how the adversaries compromise and maintain presence on our networks. Now you can experience it first hand - using real data. The SANS Digital Forensics and Incident Response team will take you through an end-to-end investigation similar to briefs that are supplied to C-level executives who want to understand how their network was compromised and how these adversaries think, act, and move around their enterprise.

Starting with core steps in digital forensics, incident response, network forensics, memory analysis, and RE malware, instructors Ovie Carroll (FOR408 - Digital Forensics), Rob Lee (FOR508 - Incident Response), Alissa Torres (FOR526 - Windows Memory Forensics), Phil Hagen (FOR572 - Network Forensics), and Lenny Zeltser (FOR610 - RE Malware) will each spend 20 minutes walking through how key skills are used to solve a single intrusion. The tag team approach will detail how response teams can be leveraged in your environment to effectively respond to incidents in your enterprise.

This talk is perfect for those in the trenches or for those in management who really want to understand how a response team identifies and responds to these adversaries. What is it they are after? How did they get in? How did our systems fail to detect them? These questions and more will be answered in this one-of-a-kind keynote.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.

Sunday, April 6

Session | Speaker | Time | Type
Registration Welcome Reception | | Sunday, April 6th, 5:00pm - 7:00pm | Reception
Building and Managing a PKI Solution for Small and Medium Size Business | Wylie Shanks - Master's Degree Candidate | Sunday, April 6th, 7:30pm - 8:10pm | Special Events

Monday, April 7

Session | Speaker | Time | Type
General Session - Welcome to SANS | Rob Lee | Monday, April 7th, 8:15am - 8:45am | Special Events
SANS Technology Institute Open House | Alan Paller | Monday, April 7th, 6:00pm - 7:00pm | Special Events
Online Training Pool Party | | Monday, April 7th, 6:15pm - 7:15pm | Special Events
APT Attacks Exposed: Network, Host, Memory, and Malware Analysis | Rob Lee, Ovie Carroll, Alissa Torres, Phil Hagen, and Lenny Zeltser | Monday, April 7th, 7:15pm - 9:15pm | Keynote

Tuesday, April 8

Session | Speaker | Time | Type
How to Become a SANS Instructor | John Strand, Certified Instructor | Tuesday, April 8th, 12:30pm - 1:15pm | Lunch and Learn
Continuous Monitoring & Mitigation | Doug Laughlin, Account Manager - GA/FL/Caribbean, ForeScout Technologies, Inc | Tuesday, April 8th, 12:30pm - 1:15pm | Lunch and Learn
World War C Threat Landscape - A Look At The Threats of Yesterday, The Trends Today, and What's to Come Tomorrow | Mark Stanford, Senior Sales Engineering Manager, FireEye, Inc | Tuesday, April 8th, 12:30pm - 1:15pm | Lunch and Learn
The Power of Metadata | Mike Nichols, Senior Technical Product Manager, General Dynamics Fidelis Cybersecurity | Tuesday, April 8th, 12:30pm - 1:15pm | Lunch and Learn
Enabling Secure Cloud Storage: Moving from Perimeter to Object-Based Protection | Gregory Breeze, Principal SE, AlephCloud | Tuesday, April 8th, 12:30pm - 1:15pm | Lunch and Learn
"The Power of Lossless Packet Capture (1G-100G) & Real-time Netflow" | Andrew Weisman, Senior Sales Engineer, Emulex | Tuesday, April 8th, 12:30pm - 1:15pm | Lunch and Learn
ICS Cybersecurity in an Interconnected World | Wally Magda | Tuesday, April 8th, 12:30pm - 1:15pm | Lunch and Learn
Women in Technology Meet and Greet | Karen Fioravanti | Tuesday, April 8th, 6:15pm - 7:15pm | Special Events
Security Awareness Metrics: Measuring Human Behavior | Lance Spitzner | Tuesday, April 8th, 7:15pm - 8:15pm | SANS@Night
RapidTriage: An Automated Approach to System Intrusion Discovery | Trenton Bond - Master's Degree Candidate | Tuesday, April 8th, 7:15pm - 7:55pm | Special Events
An Introduction to PowerShell for Security Assessments | James Tarala | Tuesday, April 8th, 8:15pm - 9:15pm | SANS@Night
Securing The Kids | Lance Spitzner | Tuesday, April 8th, 8:15pm - 9:15pm | SANS@Night
Social Engineering for Pentesters | Dave Shackleford | Tuesday, April 8th, 8:15pm - 9:15pm | SANS@Night
A Hands-on XML External Entity Vulnerability Training Module | Carrie Roberts - Master's Degree Candidate | Tuesday, April 8th, 8:15pm - 8:55pm | Special Events

Wednesday, April 9

Session | Speaker | Time | Type
Vendor Solutions Expo | | Wednesday, April 9th, 12:00pm - 1:30pm | Vendor Event
Vendor Solutions Expo | | Wednesday, April 9th, 5:00pm - 7:00pm | Vendor Event
Windows Exploratory Surgery with Process Hacker | Jason Fossen | Wednesday, April 9th, 7:15pm - 8:45pm | SANS@Night
RTC Security | Jason Ostrom | Wednesday, April 9th, 7:15pm - 8:15pm | SANS@Night
Security Static Vulnerable Devices | Chris Farrell - Master's Degree Candidate | Wednesday, April 9th, 7:15pm - 7:55pm | Special Events
Analyzing a Second-Hand ATM (Automated Teller Machine) | Erik Van Buggenhout | Wednesday, April 9th, 7:15pm - 8:15pm | SANS@Night
How I Learned to Stop Worrying and be Agile! | James Leyte-Vidal | Wednesday, April 9th, 8:15pm - 9:15pm | SANS@Night
The Security Onion Cloud Client: Network Security Monitoring for the Cloud | Joshua Brower - Master's Degree Candidate | Wednesday, April 9th, 8:15pm - 8:55pm | Special Events
OpenSSL "Heartbleed" Vulnerability | Jake Williams | Wednesday, April 9th, 8:15pm - 9:15pm | SANS@Night

Thursday, April 10

Session | Speaker | Time | Type
Continuous Security Intelligence with the SANS Critical Security Controls | Kevin Landt, Product Management, EiQnetworks | Thursday, April 10th, 12:30pm - 1:15pm | Lunch and Learn
Retina Vulnerability Management: The Best-Kept Secret in Security | Morey J. Haber - Sr. Director, Program Management, BeyondTrust | Thursday, April 10th, 12:30pm - 1:15pm | Lunch and Learn
Phishing your employees- Lessons learned from phishing 5 million people | Jim Hansen, Executive VP, PhishMe | Thursday, April 10th, 12:30pm - 1:15pm | Lunch and Learn
Tenable, the SANS 20 Critical Security Controls, And You; The Basics and Beyond | Jack Daniel, Technical Product Manager for Tenable Network Security | Thursday, April 10th, 12:30pm - 1:15pm | Lunch and Learn
Fortinet Next Generation Firewalls | Justin Kallhoff, CEO Infogressive | Thursday, April 10th, 12:30pm - 1:15pm | Lunch and Learn
Why use Continuous Monitoring | Jonas Kelly, Technical Account Manager, Qualys | Thursday, April 10th, 12:30pm - 1:15pm | Lunch and Learn
The Dynamic Threat Landscape and Next Generation Security | Scott deLelys, CISSP, Palo Alto Networks | Thursday, April 10th, 12:30pm - 1:15pm | Lunch and Learn
GIAC Program Overview | Jeff Frisk | Thursday, April 10th, 6:00pm - 6:45pm | Special Events
How the West was Pwned | G.Mark Hardy | Thursday, April 10th, 7:15pm - 8:15pm | SANS@Night
The Law of Offensive Countermeasures, Active Defense or Whatever You Wanna Call It | Benjamin Wright | Thursday, April 10th, 7:15pm - 8:15pm | SANS@Night
Continuous Ownage: Why you Need Continuous Monitoring | Seth Misenar and Eric Conrad | Thursday, April 10th, 7:15pm - 8:15pm | SANS@Night
Introduction to IDA Pro and Debugging | Stephen Sims | Thursday, April 10th, 8:15pm - 9:15pm | SANS@Night
Hacking Back, Active Defense and Internet Tough Guys | John Strand | Thursday, April 10th, 8:15pm - 9:15pm | SANS@Night

Friday, April 11

Session | Speaker | Time | Type
Evolving VoIP Threats | Paul A. Henry | Friday, April 11th, 7:15pm - 8:15pm | SANS@Night
What is bWAPP? Web Application Penetration Testing with bWAPP | Malik Mesellem | Friday, April 11th, 7:15pm - 8:15pm | SANS@Night
There's *GOLD* in Them Thar Package Management Databases! | Phil Hagen | Friday, April 11th, 8:15pm - 9:15pm | SANS@Night
How to Spy on your Employees with Memory Forensics | Jacob Williams and Alissa Torres | Friday, April 11th, 8:15pm - 9:15pm | SANS@Night