Network Based Threat Hunting: A Case Study in Analyzing an Advanced Threat
- Matt Pieklik, Sr. Consulting Analyst
- Thursday, October 3rd, 12:30pm - 1:15pm
Been phished (or not) and noticed some irregular activity, but none of your preventative security tools have detected anything? This is a real-world case study that walks through a hunt utilizing network metadata to track down a suspected intruder. From identifying C2 to deployment of payloads, this presentation walks through the use of various network metadata types as we pivot our way to understanding the attacker's actions.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
Monday, September 30
| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| Vendor Showcase | — | Monday, September 30th, 10:40am - 11:20am | Vendor Event |
| Evade Me If You Can: An Inside Look at Malware Evasion Techniques | Ben Abbott, Solutions Engineer | Monday, September 30th, 12:35pm - 1:40pm | Lunch and Learn |
| Domain & DNS-based Adversarial Threat Intelligence in the SOC/CSIRT | Corin Imai, Senior Security Advisor & Senior Product Marketing Manager | Monday, September 30th, 12:35pm - 1:40pm | Lunch and Learn |
| Vendor Showcase | — | Monday, September 30th, 3:05pm - 3:40pm | Vendor Event |
| Threat Hunting & Incident Response Summit Night Out! | — | Monday, September 30th, 6:00pm - 8:00pm | Special Events |
Tuesday, October 1
| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| Vendor Showcase | — | Tuesday, October 1st, 10:25am - 10:55am | Vendor Event |
| Gain the Upper Hand: Leveraging Telemetry and Response Actions to Close the "Breakout" Window | David French, Threat Researcher | Tuesday, October 1st, 12:15pm - 1:25pm | Lunch and Learn |
| The Anatomy of an Attack | Daniel Bates, Systems Architect | Tuesday, October 1st, 12:15pm - 1:25pm | Lunch and Learn |
| Vendor Showcase | — | Tuesday, October 1st, 3:25pm - 3:45pm | Vendor Event |
Wednesday, October 2
| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| DIY Software Supply Chain Monitoring | Robert Perica, Principal Engineer | Wednesday, October 2nd, 12:30pm - 1:15pm | Lunch and Learn |
| Fidelis Product Test Drive | Justin Swisher, MDR Threat Hunting and Charles Twardowski, Manager - Incident Response | Wednesday, October 2nd, 6:30pm - 8:30pm | Special Events |
Friday, October 4
| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| DFIR Community Night | — | Friday, October 4th, 6:00pm - 8:00pm | Special Events |