

Detecting Modern PowerShell Attacks with SIEM

  • Wednesday, October 4th, 2017 at 3:00 PM EDT (19:00:00 UTC)
  • Justin Henderson and Tim Garcia
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account.

Overview

Automating with PowerShell is a favorite amongst security teams and hackers alike. Many modern attacks leverage PowerShell to evade antivirus, whitelisting, and other security products and technology.

This webcast will share ways a SIEM can detect modern PowerShell attacks. Techniques discussed include quick wins and more detailed practices, addressing false positives and high volumes of PowerShell logs. Take a deeper dive into PowerShell monitoring and advanced endpoint analytics with SANS Instructors Justin Henderson

Speaker Bios

Justin Henderson

Justin is a passionate security architect and researcher with over a decade of experience working in the healthcare industry as well as consulting. He has had multiple opportunities to work on government contracts specializing in network monitoring systems and intrusion analysis. Justin was the 13th GSE to become both a red and blue SANS Cyber Guardian and holds over around 60 industry certifications.

Justin is a SANS instructor and the author of SEC555, the industry's first vendor-neutral SIEM analytics course.


Tim Garcia

Timothy Garcia is a seasoned security professional who loves the challenge and continuously changing landscape of defense. Tim started his career as an engineer in IT and, after working on a few security incidents related to Code Red and Nimda, he realized he had found his calling. Tim currently works as an Information Security Engineer for a Fortune 100 financial institution where he provides security consulting to project teams to ensure security of IT operations and compliance with policies and regulations. Tim also leads the team that is tasked with Firewall review, SIEM management and privileged access monitoring and policy compliance. Tim has worked as a Systems Engineer and DBA and has expertise in systems engineering, project management and information security principles and procedures/compliance. Tim previously worked for Intel and served in the United States Navy. Tim also works with the OnDemand team as an SME, is a mentor for the Vet Success program and provides consulting and content review for the Securing the Human project within SANS. Tim is a contributor to the Arizona Cyber Warfare Range and works with the local security community giving monthly talks, when not teaching for SANS, on information security tools and techniques.

Tim is as passionate about teaching security as he is performing it and receives the greatest joy when he sees the look in a student's eye when something they never quite understood finally makes sense.

Tim holds the CISSP, GSEC, GSLC, GISF, GMON, GAWN, GCCC, and GCED as well as the NSA-IAM certifications. He has extensive knowledge of security procedures and legislation such as Sarbanes-Oxley, GLBA, CobiT, COSO, and ISO 1779.
