Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show True Risk
- Beau Bullock
- Wednesday, March 16th, 8:15pm - 9:15pm
Your vulnerability scanner reports that there are no issues on your network. A pentester has spent the last week trying to exploit every system your organization owns with no luck. The check box for this yearâs compliance audit has been checked. While it is good that these things occurred, they do not complete the picture in regards to true risk.
Real attackers do not solely rely on software exploits to compromise an environment. In almost every breach you hear about the root of the compromise came from a phishing attack. This is why additional tests, post-infection, should be performed to assess just how far an attacker can go after gaining a foothold into your environment.
What command and control channels are available for an attacker to utilize to communicate with your internal systems? How easy is it for an attacker to move laterally within your environment and gain access to other systems? What are your detection capabilities when it comes to sensitive data being exfiltrated out of your environment? How do you test these attacker techniques using open-source tools?
This lecture will address these questions and more, including a showcase of attacker methodologies.
Speaker Bio:
Beau Bullock is a Senior Security Analyst at Black Hills Information Security. Prior to joining BHIS, Beau's primary role was implementing security controls to protect information and network assets. He has held information security positions in the financial and health industries. Beau has experience with all aspects of enterprise network security including penetration testing, vulnerability analysis, data loss prevention, wireless security, firewall management, and employee security training. In his spare time, he hosts the HackNaked.TV information security webcast and presents at conferences.
Beau holds a B.S. in Information Technology and has also obtained multiple industry certifications including OSCP, OSWP, GCIH, GCFA, GSEC, GPEN, GXPN.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
- Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Saturday, March 12
| Session | Speaker | Time | Type |
|---|---|---|---|
| GSE Lab Examination | — | Saturday, March 12th, 8:00am - 5:30pm | Special Events |
Sunday, March 13
| Session | Speaker | Time | Type |
|---|---|---|---|
| GSE Lab Examination | — | Sunday, March 13th, 8:00am - 5:30pm | Special Events |
| Securing Your Kids | Lance Spitzner | Sunday, March 13th, 7:00pm - 8:00pm | SANS@Night |
Monday, March 14
| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Bryan Simon | Monday, March 14th, 8:15am - 8:45am | Special Events |
| Women in Technology Meet and Greet | — | Monday, March 14th, 6:00pm - 7:00pm | Special Events |
| Analyzing the Ukrainian Power Grid Cyber-Attacks | Jake Williams | Monday, March 14th, 7:15pm - 9:15pm | Keynote |
Tuesday, March 15
| Session | Speaker | Time | Type |
|---|---|---|---|
| SSL & TLS Nuts, Bolts, and Best Practices | Brian McHenry, Security Solutions Architect | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Applying the Cyber Kill Chain to Enterprise Defense | George Ressopoulos, Senior Security Consultant | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Navigating Today's Threat Landscape | Matt Hickey, Director, Sales Engineering | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Improving the Threat Intelligence Management Process | Trevor Welsh, Director of Sales Engineering | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| How to Become a SANS Instructor | Eric Conrad | Tuesday, March 15th, 12:30pm - 1:15pm | Special Events |
| SANS Technology Institute Lunch and Learn | — | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| The PC-Malware Zoo: We Promise You Won't Like It | Speaker: Paul Schofield, Director of Customer Experience | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| GIAC Program Reception | Presented by Jeff Frisk | Tuesday, March 15th, 6:15pm - 7:15pm | Special Events |
| Using an Open Source Threat Model for Prioritized Defense | James Tarala | Tuesday, March 15th, 7:15pm - 8:15pm | SANS@Night |
| Data Theft in the 21st Century | Mike Poor | Tuesday, March 15th, 7:15pm - 8:15pm | SANS@Night |
| Making Awareness Stick | Lance Spitzner | Tuesday, March 15th, 7:15pm - 8:15pm | SANS@Night |
| Next Gen Patch Management for Microsoft Windows - A Call for Improved Tools | Jason Simsay - Master's Degree Candidate | Tuesday, March 15th, 7:15pm - 7:55pm | Master's Degree Presentation |
| The Current State of Cyber Security | Justin Searle | Tuesday, March 15th, 7:15pm - 8:15pm | Special Events |
| Making Deception a Thing for Things | Dr. Johannes Ullrich | Tuesday, March 15th, 8:15pm - 9:15pm | SANS@Night |
| Windows Exploratory Surgery with Process Hacker | Jason Fossen | Tuesday, March 15th, 8:15pm - 9:15pm | SANS@Night |
| PKI Trust Models: Whom do you trust? | Blaine Hein - Master's Degree Candidate | Tuesday, March 15th, 8:15pm - 8:55pm | Master's Degree Presentation |
Wednesday, March 16
| Session | Speaker | Time | Type |
|---|---|---|---|
| Vendor Solutions Expo | — | Wednesday, March 16th, 12:00pm - 1:30pm | Vendor Event |
| Vendor Solutions Expo | — | Wednesday, March 16th, 5:30pm - 7:30pm | Vendor Event |
| Smartphone and Network Forensics Goes Together Like Peas and Carrots | Heather Mahalik and Phil Hagen | Wednesday, March 16th, 7:15pm - 8:15pm | SANS@Night |
| The Crazy New World of Cyber Investigations: Law, Ethics and Evidence | Ben Wright | Wednesday, March 16th, 7:15pm - 8:15pm | SANS@Night |
| Enforcing Application Security | Michael Matthee - Master's Degree Candidate | Wednesday, March 16th, 7:15pm - 7:55pm | Master's Degree Presentation |
| The 14 Absolute Truths of Security | Keith Palmgren | Wednesday, March 16th, 8:15pm - 9:15pm | SANS@Night |
| Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show True Risk | Beau Bullock | Wednesday, March 16th, 8:15pm - 9:15pm | SANS@Night |
| Intrusion Detection with PowerShell | Michael Weeks - Master's Degree Candidate | Wednesday, March 16th, 8:15pm - 8:55pm | Master's Degree Presentation |
Thursday, March 17
| Session | Speaker | Time | Type |
|---|---|---|---|
| Automating the Hunt for Attackers | Dan Mitchell, Solutions Engineer | Thursday, March 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Beyond Who is: See Threats Coming | Steve Butt, Technical Sales Engineer | Thursday, March 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Flipping the Economics of Attacks | Etay Nir, Malware and Threat Intelligence CE | Thursday, March 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Using Splunk to visualize Vulnerability data | Jeff Leggett, Director, Cloud Services, API, and Integrations for Qualys | Thursday, March 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Inventive and Productive Ways to Engage Employees on Cyber Skills Development | Aaron Cohen, Director of Product Management | Thursday, March 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Malware Analysis for Incident Responders: Getting Started | Lenny Zeltser | Thursday, March 17th, 7:15pm - 9:15pm | SANS@Night |
| Card Fraud 101 | G. Mark Hardy | Thursday, March 17th, 7:15pm - 8:15pm | SANS@Night |
| Custom Digital Forensics Tools in Python | Evan Dygert | Thursday, March 17th, 7:15pm - 8:15pm | SANS@Night |
| Exploits of Yesteryear Are Never Truly Gone | Marsha Miller - Master's Degree Candidate | Thursday, March 17th, 7:15pm - 7:55pm | Master's Degree Presentation |
| Debunking the Complex Password Myth | Keith Palmgren | Thursday, March 17th, 8:15pm - 9:15pm | SANS@Night |
| Uncovering Indicators of Compromise (IoC) Using PowerShell, Event Logs, and Nagios | Dallas Haselhorst - Master's Degree Candidate | Thursday, March 17th, 8:15pm - 8:55pm | Master's Degree Presentation |
