iPad Air 2, Samsung Galaxy Tab A, or $350 Off with SANS Online Training Right Now!

Security West 2014

San Diego, CA | Thu, May 8 - Sat, May 17, 2014
This event is over,
but there are more training opportunities.

Closing the Door on Web Shells

  • Anuj Soni
  • Tuesday, May 13th, 7:15pm - 8:15pm

While many attackers install malware on end-user workstations to accomplish their goals, external-facing servers continue to be prime targets of attack. In many of these cases, web shell backdoors are utilized by the adversary to download/upload files, execute arbitrary commands, and access back-end databases and other resources. Web shells are often heavily customized and obfuscated to evade detection. They may be only several lines of code, and they can be deployed on a variety of platforms. Every incident responder should be familiar with this dangerous category of malware so it is not overlooked during an investigation. This talk will discuss how web shells work, dive deep into several specimens, discuss approaches to detect related activity, and touch on some best practices to reduce the likelihood of seeing them on your systems.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.

Emerging Trends in Information Security

At Security West 2014, we'll offer 3 different discussions on Emerging Trends in Information Security and an opening night address by John Pescatore. Here's your chance to influence these discussions on trends in cyber threats, technology, business vulnerabilities, device and software security, and more. Your insights may be featured during the SANS@Night panel discussions!

Share Your Thoughts About Emerging Trends in Information Security

Friday, May 9
Session Speaker Time Type
Registration Welcome Reception Friday, May 9th, 5:00pm - 7:00pm Reception
Saturday, May 10
Session Speaker Time Type
General Session - Welcome to SANS Rob Lee Saturday, May 10th, 8:15am - 8:45am Special Events
Emerging Security Trends: Crossing the Chasm to Protecting a "Choose Your Own IT" World John Pescatore Saturday, May 10th, 7:15pm - 8:15pm Keynote
Will The Real Next Generation Security Please Stand Up? Moderator: John Pescatore, Panelists: Paul Henry, Phil Hagen, and Seth Misenar Saturday, May 10th, 8:15pm - 9:15pm Keynote
Sunday, May 11
Session Speaker Time Type
Security Awareness Metrics: Measuring Human Behavior Lance Spitzner Sunday, May 11th, 7:15pm - 8:15pm SANS@Night
Emerging Trends Panel: Offense Informs Defense... but How? Ed Skoudis, Mike Poor, and a panel of Pen Testing and Cyber Defense faculty Sunday, May 11th, 7:15pm - 8:15pm SANS@Night
Continuous Ownage: Why you Need Continuous Monitoring Eric Conrad and Seth Misenar Sunday, May 11th, 8:15pm - 9:15pm SANS@Night
Securing The Kids Lance Spitzner Sunday, May 11th, 8:15pm - 9:15pm SANS@Night
Monday, May 12
Session Speaker Time Type
Vendor Solutions Expo Monday, May 12th, 10:30am - 10:50am Vendor Event
Vendor Solutions Expo Monday, May 12th, 12:15pm - 1:30pm Vendor Event
Vendor Solutions Expo Monday, May 12th, 3:00pm - 3:20pm Vendor Event
The 13 Absolute Truths of Security Keith Palmgren Monday, May 12th, 7:15pm - 8:15pm SANS@Night
Emerging Trends in Forensics and Incident Response Rob Lee and a panel of DFIR faculty Monday, May 12th, 7:15pm - 8:15pm SANS@Night
The State of Eavesdropping on Cellular Networks Christopher Crowley Monday, May 12th, 8:15pm - 9:15pm SANS@Night
An Introduction to PowerShell for Security Assessments James Tarala Monday, May 12th, 8:15pm - 9:15pm SANS@Night
Tuesday, May 13
Session Speaker Time Type
Fortinet Next Generation Firewalls Jeff Eckley, Inside Sales Manager, Infogressive Tuesday, May 13th, 12:30pm - 1:15pm Lunch and Learn
‚Operationalize Open Intelligence ‚ YARA + Fidelis XPS‚ Mike Nichols, Senior Technical Product Manager Tuesday, May 13th, 12:30pm - 1:15pm Lunch and Learn
Symantec Lunch and Learn Tuesday, May 13th, 12:30pm - 1:15pm Lunch and Learn
Retina Vulnerability Management: The Best-Kept Secret in Security Jason Williams, Security Engineer with BeyondTrust Tuesday, May 13th, 12:30pm - 1:15pm Lunch and Learn
SANS Technology Institute Open House David Hoelzer Tuesday, May 13th, 7:15pm - 7:45pm Special Events
Closing the Door on Web Shells Anuj Soni Tuesday, May 13th, 7:15pm - 8:15pm SANS@Night
GIAC Program Overview Seth Misenar Tuesday, May 13th, 7:45pm - 8:15pm Special Events
How the West was Pwned G. Mark Hardy Tuesday, May 13th, 8:15pm - 9:15pm SANS@Night
Wednesday, May 14
Session Speaker Time Type
Evolving Threats Paul A. Henry Wednesday, May 14th, 7:15pm - 8:15pm SANS@Night
A Small Business No Budget Implementation of the SANS 20 Security Controls Russell Eubanks Wednesday, May 14th, 7:15pm - 8:15pm SANS@Night
How to Spy on your Employees with Memory Forensics Jake Williams Wednesday, May 14th, 8:15pm - 9:15pm SANS@Night