SANS 2014

Orlando, FL | Sat, Apr 5 - Mon, Apr 14, 2014

How to Spy on your Employees with Memory Forensics

  • Jacob Williams and Alissa Torres
  • Friday, April 11th, 8:15pm - 9:15pm

Many companies can't afford employee endpoint monitoring software such as SpectorPro, and yet still have the need to figure out how a rogue employee is spending his time on the job. Consider a cheaper solution for employee spying: one that makes use of native Windows services and an investigator's ninja memory analysis skills. Whether it be creating a scheduled task to send a machine to hibernate or instantiating an unsuspected memory dump, targeted employee spying can be done on the cheap. Through process enumeration, browsing history reconstruction and memory-mapped file extraction, watch as your presenters piece together what our trusted insider was doing on his company computer, unbeknownst to his boss. Even if you don't have the need to covertly investigate a rogue employee (yet), this talk will arm you with the knowledge of what is within the realm of the possible.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.
Sunday, April 6
Session Speaker Time Type
Registration Welcome Reception Sunday, April 6th, 5:00pm - 7:00pm Reception
Building and Managing a PKI Solution for Small and Medium Size Business Wylie Shanks - Master's Degree Candidate Sunday, April 6th, 7:30pm - 8:10pm Special Events
Monday, April 7
Session Speaker Time Type
General Session - Welcome to SANS Rob Lee Monday, April 7th, 8:15am - 8:45am Special Events
SANS Technology Institute Open House Alan Paller Monday, April 7th, 6:00pm - 7:00pm Special Events
Online Training Pool Party Monday, April 7th, 6:15pm - 7:15pm Special Events
APT Attacks Exposed: Network, Host, Memory, and Malware Analysis Rob Lee, Ovie Carroll, Alissa Torres, Phil Hagen, and Lenny Zeltser Monday, April 7th, 7:15pm - 9:15pm Keynote
Tuesday, April 8
Session Speaker Time Type
How to Become a SANS Instructor John Strand, Certified Instructor Tuesday, April 8th, 12:30pm - 1:15pm Lunch and Learn
Continuous Monitoring & Mitigation Doug Laughlin, Account Manager - GA/FL/Caribbean, ForeScout Technologies, Inc Tuesday, April 8th, 12:30pm - 1:15pm Lunch and Learn
World War C Threat Landscape - A Look At The Threats of Yesterday, The Trends Today, and What's to Come Tomorrow Mark Stanford, Senior Sales Engineering Manager, FireEye, Inc Tuesday, April 8th, 12:30pm - 1:15pm Lunch and Learn
The Power of Metadata Mike Nichols, Senior Technical Product Manager, General Dynamics Fidelis Cybersecurity Tuesday, April 8th, 12:30pm - 1:15pm Lunch and Learn
Enabling Secure Cloud Storage: Moving from Perimeter to Object-Based Protection Gregory Breeze, Principal SE, AlephCloud Tuesday, April 8th, 12:30pm - 1:15pm Lunch and Learn
"The Power of Lossless Packet Capture (1G-100G) & Real-time Netflow" Andrew Weisman, Senior Sales Engineer, Emulex Tuesday, April 8th, 12:30pm - 1:15pm Lunch and Learn
ICS Cybersecurity in an Interconnected World Wally Magda Tuesday, April 8th, 12:30pm - 1:15pm Lunch and Learn
Women in Technology Meet and Greet Karen Fioravanti Tuesday, April 8th, 6:15pm - 7:15pm Special Events
Security Awareness Metrics: Measuring Human Behavior Lance Spitzner Tuesday, April 8th, 7:15pm - 8:15pm SANS@Night
RapidTriage: An Automated Approach to System Intrusion Discovery Trenton Bond - Master's Degree Candidate Tuesday, April 8th, 7:15pm - 7:55pm Special Events
An Introduction to PowerShell for Security Assessments James Tarala Tuesday, April 8th, 8:15pm - 9:15pm SANS@Night
Securing The Kids Lance Spitzner Tuesday, April 8th, 8:15pm - 9:15pm SANS@Night
Social Engineering for Pentesters Dave Shackleford Tuesday, April 8th, 8:15pm - 9:15pm SANS@Night
A Hands-on XML External Entity Vulnerability Training Module Carrie Roberts - Master's Degree Candidate Tuesday, April 8th, 8:15pm - 8:55pm Special Events
Wednesday, April 9
Session Speaker Time Type
Vendor Solutions Expo Wednesday, April 9th, 12:00pm - 1:30pm Vendor Event
Vendor Solutions Expo Wednesday, April 9th, 5:00pm - 7:00pm Vendor Event
Windows Exploratory Surgery with Process Hacker Jason Fossen Wednesday, April 9th, 7:15pm - 8:45pm SANS@Night
RTC Security Jason Ostrom Wednesday, April 9th, 7:15pm - 8:15pm SANS@Night
Security Static Vulnerable Devices Chris Farrell - Master's Degree Candidate Wednesday, April 9th, 7:15pm - 7:55pm Special Events
Analyzing a Second-Hand ATM (Automated Teller Machine) Erik Van Buggenhout Wednesday, April 9th, 7:15pm - 8:15pm SANS@Night
How I Learned to Stop Worrying and be Agile! James Leyte-Vidal Wednesday, April 9th, 8:15pm - 9:15pm SANS@Night
The Security Onion Cloud Client: Network Security Monitoring for the Cloud Joshua Brower - Master's Degree Candidate Wednesday, April 9th, 8:15pm - 8:55pm Special Events
OpenSSL "Heartbleed" Vulnerability Jake Williams Wednesday, April 9th, 8:15pm - 9:15pm SANS@Night
Thursday, April 10
Session Speaker Time Type
Continuous Security Intelligence with the SANS Critical Security Controls Kevin Landt, Product Management, EiQnetworks Thursday, April 10th, 12:30pm - 1:15pm Lunch and Learn
Retina Vulnerability Management: The Best-Kept Secret in Security Morey J. Haber - Sr. Director, Program Management, BeyondTrust Thursday, April 10th, 12:30pm - 1:15pm Lunch and Learn
Phishing your employees- Lessons learned from phishing 5 million people Jim Hansen, Executive VP, PhishMe Thursday, April 10th, 12:30pm - 1:15pm Lunch and Learn
Tenable, the SANS 20 Critical Security Controls, And You; The Basics and Beyond Jack Daniel, Technical Product Manager for Tenable Network Security Thursday, April 10th, 12:30pm - 1:15pm Lunch and Learn
Fortinet Next Generation Firewalls Justin Kallhoff, CEO Infogressive Thursday, April 10th, 12:30pm - 1:15pm Lunch and Learn
Why use Continuous Monitoring Jonas Kelly, Technical Account Manager, Qualys Thursday, April 10th, 12:30pm - 1:15pm Lunch and Learn
The Dynamic Threat Landscape and Next Generation Security Scott deLelys, CISSP , Palo Alto Networks Thursday, April 10th, 12:30pm - 1:15pm Lunch and Learn
GIAC Program Overview Jeff Frisk Thursday, April 10th, 6:00pm - 6:45pm Special Events
How the West was Pwned G.Mark Hardy Thursday, April 10th, 7:15pm - 8:15pm SANS@Night
The Law of Offensive Countermeasures, Active Defense or Whatever You Wanna Call It Benjamin Wright Thursday, April 10th, 7:15pm - 8:15pm SANS@Night
Continuous Ownage: Why you Need Continuous Monitoring Seth Misenar and Eric Conrad Thursday, April 10th, 7:15pm - 8:15pm SANS@Night
Introduction to IDA Pro and Debugging Stephen Sims Thursday, April 10th, 8:15pm - 9:15pm SANS@Night
Hacking Back, Active Defense and Internet Tough Guys John Strand Thursday, April 10th, 8:15pm - 9:15pm SANS@Night
Friday, April 11
Session Speaker Time Type
Evolving VoIP Threats Paul A. Henry Friday, April 11th, 7:15pm - 8:15pm SANS@Night
What is bWAPP? Web Application Penetration Testing with bWAPP Malik Mesellem Friday, April 11th, 7:15pm - 8:15pm SANS@Night
There's *GOLD* in Them Thar Package Management Databases! Phil Hagen Friday, April 11th, 8:15pm - 9:15pm SANS@Night
How to Spy on your Employees with Memory Forensics Jacob Williams and Alissa Torres Friday, April 11th, 8:15pm - 9:15pm SANS@Night