RapidTriage: An Automated Approach to System Intrusion Discovery
- Trenton Bond - Master's Degree Candidate
- Tuesday, April 8th, 7:15pm - 7:55pm
Master's Degree Presentation
Effective system intrusion discovery is a critical component of the information security incident handling process. The SANS Institute publishes system intrusion discovery cheat sheets that are invaluable guides to help identify indicators of compromise. Weâll look at how the RapidTriage Python tool can automate system data collection based on these guides, speeding up the initial triage and ensuring consistency across multiple systems and platforms.
Speaker Bio: Trenton Bond is currently an information security architect for a large non-profit organization. His work includes weaving security solutions into existing enterprise architecture and implementing practical solutions to protect critical enterprise data and assets. Trenton holds an undergraduate degree in Electronics Engineering Technology from Brigham Young University and is currently working on a Master of Science in Information Security Engineering with the SANS Technology Institute (STI). He plans to continue in his architect role for many more years while eventually developing a startup company that will provide security services and products to small and mid-size businesses under regulatory controls.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
Sunday, April 6
| Session | Speaker | Time | Type |
|---|---|---|---|
| Registration Welcome Reception | — | Sunday, April 6th, 5:00pm - 7:00pm | Reception |
| Building and Managing a PKI Solution for Small and Medium Size Business | Wylie Shanks - Master's Degree Candidate | Sunday, April 6th, 7:30pm - 8:10pm | Special Events |
Monday, April 7
| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Rob Lee | Monday, April 7th, 8:15am - 8:45am | Special Events |
| SANS Technology Institute Open House | Alan Paller | Monday, April 7th, 6:00pm - 7:00pm | Special Events |
| Online Training Pool Party | — | Monday, April 7th, 6:15pm - 7:15pm | Special Events |
| APT Attacks Exposed: Network, Host, Memory, and Malware Analysis | Rob Lee, Ovie Carroll, Alissa Torres, Phil Hagen, and Lenny Zeltser | Monday, April 7th, 7:15pm - 9:15pm | Keynote |
Tuesday, April 8
| Session | Speaker | Time | Type |
|---|---|---|---|
| How to Become a SANS Instructor | John Strand, Certified Instructor | Tuesday, April 8th, 12:30pm - 1:15pm | Lunch and Learn |
| Continuous Monitoring & Mitigation | Doug Laughlin, Account Manager - GA/FL/Caribbean, ForeScout Technologies, Inc | Tuesday, April 8th, 12:30pm - 1:15pm | Lunch and Learn |
| World War C Threat Landscape - A Look At The Threats of Yesterday, The Trends Today, and Whatâs to Come Tomorrow | Mark Stanford, Senior Sales Engineering Manager, FireEye, Inc | Tuesday, April 8th, 12:30pm - 1:15pm | Lunch and Learn |
| The Power of Metadata | Mike Nichols, Senior Technical Product Manager, General Dynamics Fidelis Cybersecurity | Tuesday, April 8th, 12:30pm - 1:15pm | Lunch and Learn |
| Enabling Secure Cloud Storage: Moving from Perimeter to Object-Based Protection | Gregory Breeze, Principal SE, AlephCloud | Tuesday, April 8th, 12:30pm - 1:15pm | Lunch and Learn |
| â˘âThe Power of Lossless Packet Capture (1G-100G) & Real-time Netflowâ | Andrew Weisman, Senior Sales Engineer, Emulex | Tuesday, April 8th, 12:30pm - 1:15pm | Lunch and Learn |
| ICS Cybersecurity in an Interconnected World | Wally Magda | Tuesday, April 8th, 12:30pm - 1:15pm | Lunch and Learn |
| Women in Technology Meet and Greet | Karen Fioravanti | Tuesday, April 8th, 6:15pm - 7:15pm | Special Events |
| Security Awareness Metrics: Measuring Human Behavior | Lance Spitzner | Tuesday, April 8th, 7:15pm - 8:15pm | SANS@Night |
| RapidTriage: An Automated Approach to System Intrusion Discovery | Trenton Bond - Master's Degree Candidate | Tuesday, April 8th, 7:15pm - 7:55pm | Special Events |
| An Introduction to PowerShell for Security Assessments | James Tarala | Tuesday, April 8th, 8:15pm - 9:15pm | SANS@Night |
| Securing The Kids | Lance Spitzner | Tuesday, April 8th, 8:15pm - 9:15pm | SANS@Night |
| Social Engineering for Pentesters | Dave Shackleford | Tuesday, April 8th, 8:15pm - 9:15pm | SANS@Night |
| A Hands-on XML External Entity Vulnerability Training Module | Carrie Roberts - Master's Degree Candidate | Tuesday, April 8th, 8:15pm - 8:55pm | Special Events |
Wednesday, April 9
| Session | Speaker | Time | Type |
|---|---|---|---|
| Vendor Solutions Expo | — | Wednesday, April 9th, 12:00pm - 1:30pm | Vendor Event |
| Vendor Solutions Expo | — | Wednesday, April 9th, 5:00pm - 7:00pm | Vendor Event |
| Windows Exploratory Surgery with Process Hacker | Jason Fossen | Wednesday, April 9th, 7:15pm - 8:45pm | SANS@Night |
| RTC Security | Jason Ostrom | Wednesday, April 9th, 7:15pm - 8:15pm | SANS@Night |
| Security Static Vulnerable Devices | Chris Farrell - Master's Degree Candidate | Wednesday, April 9th, 7:15pm - 7:55pm | Special Events |
| Analyzing a Second-Hand ATM (Automated Teller Machine) | Erik Van Buggenhout | Wednesday, April 9th, 7:15pm - 8:15pm | SANS@Night |
| How I Learned to Stop Worrying and be Agile! | James Leyte-Vidal | Wednesday, April 9th, 8:15pm - 9:15pm | SANS@Night |
| The Security Onion Cloud Client: Network Security Monitoring for the Cloud | Joshua Brower - Master's Degree Candidate | Wednesday, April 9th, 8:15pm - 8:55pm | Special Events |
| OpenSSL "Heartbleed" Vulnerability | Jake Williams | Wednesday, April 9th, 8:15pm - 9:15pm | SANS@Night |
Thursday, April 10
| Session | Speaker | Time | Type |
|---|---|---|---|
| Continuous Security Intelligence with the SANS Critical Security Controls | Kevin Landt, Product Management, EiQnetworks | Thursday, April 10th, 12:30pm - 1:15pm | Lunch and Learn |
| Retina Vulnerability Management: The Best-Kept Secret in Security | Morey J. Haber - Sr. Director, Program Management, BeyondTrust | Thursday, April 10th, 12:30pm - 1:15pm | Lunch and Learn |
| Phishing your employees- Lessons learned from phishing 5 million people | Jim Hansen, Executive VP, PhishMe | Thursday, April 10th, 12:30pm - 1:15pm | Lunch and Learn |
| Tenable, the SANS 20 Critical Security Controls, And You; The Basics and Beyond | Jack Daniel, Technical Product Manager for Tenable Network Security | Thursday, April 10th, 12:30pm - 1:15pm | Lunch and Learn |
| Fortinet Next Generation Firewalls | Justin Kallhoff, CEO Infogressive | Thursday, April 10th, 12:30pm - 1:15pm | Lunch and Learn |
| Why use Continuous Monitoring | Jonas Kelly, Technical Account Manager, Qualys | Thursday, April 10th, 12:30pm - 1:15pm | Lunch and Learn |
| The Dynamic Threat Landscape and Next Generation Security | Scott deLelys, CISSP , Palo Alto Networks | Thursday, April 10th, 12:30pm - 1:15pm | Lunch and Learn |
| GIAC Program Overview | Jeff Frisk | Thursday, April 10th, 6:00pm - 6:45pm | Special Events |
| How the West was Pwned | G.Mark Hardy | Thursday, April 10th, 7:15pm - 8:15pm | SANS@Night |
| The Law of Offensive Countermeasures, Active Defense or Whatever You Wanna Call It | Benjamin Wright | Thursday, April 10th, 7:15pm - 8:15pm | SANS@Night |
| Continuous Ownage: Why you Need Continuous Monitoring | Seth Misenar and Eric Conrad | Thursday, April 10th, 7:15pm - 8:15pm | SANS@Night |
| Introduction to IDA Pro and Debugging | Stephen Sims | Thursday, April 10th, 8:15pm - 9:15pm | SANS@Night |
| Hacking Back, Active Defense and Internet Tough Guys | John Strand | Thursday, April 10th, 8:15pm - 9:15pm | SANS@Night |
Friday, April 11
| Session | Speaker | Time | Type |
|---|---|---|---|
| Evolving VoIP Threats | Paul A. Henry | Friday, April 11th, 7:15pm - 8:15pm | SANS@Night |
| What is bWAPP? Web Application Penetration Testing with bWAPP | Malik Mesellem | Friday, April 11th, 7:15pm - 8:15pm | SANS@Night |
| There's *GOLD* in Them Thar Package Management Databases! | Phil Hagen | Friday, April 11th, 8:15pm - 9:15pm | SANS@Night |
| How to Spy on your Employees with Memory Forensics | Jacob Williams and Alissa Torres | Friday, April 11th, 8:15pm - 9:15pm | SANS@Night |
