Threat Hunting & IR Summit 2019

New Orleans, LA | Mon, Sep 30, 2019 - Mon, Oct 7, 2019
DIY Software Supply Chain Monitoring

  • Robert Perica, Principal Engineer
  • Wednesday, October 2nd, 12:30pm - 1:15pm

Recent publications and articles appearing all over the news indicate that supply chain attacks are gaining in popularity. From the recent ShadowHammer attack to several consecutive compromises of the RubyGems package repository, it's becoming increasingly obvious that attackers are turning their attention from the "big fish" to easier targets supplying them. All companies use public package repositories in some way, but typically only large and well-known open-source projects have a well-defined code review procedure. Even so, mistakes are bound to happen, and unreviewed code will sometimes slip through, either due to a review oversight or through account hijacking. Alternatively, typosquatted package names rely on user error to be installed. For a defender who wants to sleep well at night, one of the primary concerns is understanding what attack surface a particular company has and how to proactively monitor for potential intrusions on every front. Attendees will learn how to determine their package repository supply chain, how to create a simple monitoring framework for packages coming from such repositories, and finally, how to analyze the results.

Reversing Labs

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.

Monday, September 30

Session | Speaker | Time | Type
Vendor Showcase | | Monday, September 30th, 10:40am - 11:20am | Vendor Event
Evade Me If You Can: An Inside Look at Malware Evasion Techniques | Ben Abbott, Solutions Engineer | Monday, September 30th, 12:35pm - 1:40pm | Lunch and Learn
Domain & DNS-based Adversarial Threat Intelligence in the SOC/CSIRT | Corin Imai, Senior Security Advisor & Senior Product Marketing Manager | Monday, September 30th, 12:35pm - 1:40pm | Lunch and Learn
Vendor Showcase | | Monday, September 30th, 3:05pm - 3:40pm | Vendor Event
Threat Hunting & Incident Response Summit Night Out! | | Monday, September 30th, 6:00pm - 8:00pm | Special Events

Tuesday, October 1

Session | Speaker | Time | Type
Vendor Showcase | | Tuesday, October 1st, 10:25am - 10:55am | Vendor Event
Gain the Upper Hand: Leveraging Telemetry and Response Actions to Close the "Breakout" Window | David French, Threat Researcher | Tuesday, October 1st, 12:15pm - 1:25pm | Lunch and Learn
The Anatomy of an Attack | Daniel Bates, Systems Architect | Tuesday, October 1st, 12:15pm - 1:25pm | Lunch and Learn
Vendor Showcase | | Tuesday, October 1st, 3:25pm - 3:45pm | Vendor Event

Wednesday, October 2

Session | Speaker | Time | Type
DIY Software Supply Chain Monitoring | Robert Perica, Principal Engineer | Wednesday, October 2nd, 12:30pm - 1:15pm | Lunch and Learn
Fidelis Product Test Drive | Justin Swisher, MDR Threat Hunting and Charles Twardowski, Manager - Incident Response | Wednesday, October 2nd, 6:30pm - 8:30pm | Special Events

Thursday, October 3

Session | Speaker | Time | Type
Network Based Threat Hunting: A Case Study in Analyzing an Advanced Threat | Matt Pieklik, Sr. Consulting Analyst | Thursday, October 3rd, 12:30pm - 1:15pm | Lunch and Learn
Malware Analysis: A Deep Dive Experience | Anuj Soni | Thursday, October 3rd, 6:00pm - 8:00pm | Keynote

Friday, October 4

Session | Speaker | Time | Type
DFIR Community Night | | Friday, October 4th, 6:00pm - 8:00pm | Special Events