
Threat Hunting & IR Summit

New Orleans, LA | Thu, Sep 6 - Thu, Sep 13, 2018

Threat Hunting & Incident Response Summit Agenda


We strive to present the most relevant, timely and valuable content. As a result, this agenda is subject to change. Please check back frequently for changes and updates.


Thursday, September 6th
Time Presentation Speaker
9:00-9:45 am

Opening Keynote

Ben Johnson (@chicagoben), Co-Founder & CTO, Obsidian Security
9:45-10:20 am

Uncovering and Visualizing Malicious Infrastructure

  • Josh Pyorre (@joshpyorre), Security Research Analyst, Cisco Umbrella
  • Andrea Scarfo (@AScarf0), Security Research Analyst, Cisco Umbrella
10:20-10:45 am Networking Break
10:45-11:20 am

This Is the Fastest Way to Hunt Windows Endpoints

Michael Gough (@HackerHurricane), Malware Archaeologist, Malware Archaeology
11:20-11:55 am

Threat Hunting in Your Supply Chain

Jake Williams (@MalwareJake), Founder, Rendition Infosec
11:55 am - 1:15 pm

Lunch & Learn, Presented by

1:15-1:50 pm

ATT&CKing the Status Quo: Threat-Based Adversary Emulation with MITRE ATT&CK

1:50-2:25 pm

Cyber Threat Hunting in the Middle East

  • Kevin Albano, Global Lead, Threat Intelligence, IBM X-Force IRIS
2:25-2:45 pm Networking Break
2:45-3:20 pm

Hunting for Lateral Movement Using Windows Event Logs

Mauricio Velazco (@mvelazco), VP - Threat Management, Blackstone
3:20-3:45 pm Networking Break
4:00-4:35 pm

Forecast: Sunny, Clear Skies, and 100% Detection

Alissa Torres (@sibertor), Incident Response Manager, Cargill; Certified Instructor, SANS Institute
4:35-5:10 pm

Live Debates

Moderator: Matt Bromiley, Certified Instructor, SANS Institute; Cylance

Friday, September 7th
Time Presentation Speaker
9:00-9:45 am

Discerning Evil from Benign in the Normally Abnormal World of InfoSec

Rick McElroy, Security Strategist, Carbon Black

9:45-10:20 am

How to Submit a Threat Profile to MITRE ATT&CK

Walker Johnson (@wjohnsonsled), Senior Security Engineer, Banking & Finance
10:20-10:45 am Networking Break
10:45-11:20 am

Threat Hunting Using Live Box Forensics

John Moran, Senior Product Manager, DFLabs
11:20-11:55 am

Viewing the Nodes in the Noise: Leveraging Data Science to Discover Persistent Threats

David Evenden, Senior Vulnerability Exploitation Analyst, CenturyLink
11:55 am - 1:15 pm Lunch
1:15-1:50 pm

Hunting Webshells: Tracking TwoFace

  • Josh Bryant (@FixtheExchange), Director of Technical Account Management, Tanium
  • Robert Falcone, Threat Researcher, Palo Alto Unit 42
1:50-2:25 pm

Who Done It: Gaining Visibility and Accountability in the Cloud

Ryan Nolette, Security Technologist, AWS
2:25-2:45 pm Networking Break
2:45-3:20 pm

Quantify Your Hunt: Not Your Parents' Red Team

  • Devon Kerr (_devonkerr_), Principal Threat Researcher, Endgame
  • Roberto Rodriguez (@cyb3rward0g), Senior Threat Hunter, SpecterOps
3:20-3:45 pm

Launching Threat Hunting From Almost Nothing

Takahiro Kakumaru, Security Researcher, NEC

3:45-4:00 pm Networking Break
4:00-4:35 pm

Threat Hunting or Threat Farming: Finding the Balance in Security Automation

  • Robert M. Lee (@RobertMLee), CEO, Dragos Inc.
  • Alex Pinto (@alexcpsec), Lead Security Data Scientist, Verizon Enterprise Services
4:35-5:10 pm

Lightning Talks

Moderator: David J. Bianco (@davidjbianco), Principal Engineer, Cyber Security, Target