Agenda | February 24, 2023 | 10:30AM - 12:15PM EST
Timeline (EST) | Session Details |
---|---|
10:30 AM | Welcome & Opening Remarks<br>Megan Roddie, Course Author, SANS Institute |
10:45 AM | Converging Incident Response and Detection Engineering for Qbot<br>Traditionally, the notable information stealer Qbot (aka Qakbot) was delivered via macros, but as threat actors' tactics continue to evolve, it has become increasingly difficult to accurately assess the scope of an incident caused by this prolific malware. In today's post-macro world, attackers use HTML smuggling to deliver Qbot through a chain of executions involving ISO, ZIP, DLL, and LNK files. In this session, equip yourself with the tools and knowledge needed to respond effectively to Qbot attacks, and learn how to close the loop for better detection and response strategies. We will take you through an in-depth analysis of Qbot threats, providing valuable insights on identifying and confirming an incident quickly. Key takeaways from this session include:<br>• How to minimize the impact of a Qbot attack on your organization<br>Ertugrul Kara, Sr. Product Marketing Manager, VMRay<br>Fatih Akar, Security Product Manager, VMRay |
11:20 AM | Quit Fussing Over All those Alerts: Using Automation to Identify Leads<br>Are you struggling to uncover attacks and rapidly investigate threats? If so, you’re not alone. Today’s SOCs require new approaches to develop and manage their workflows so they can effectively investigate and respond to suspicious activity. Join Devo as we share ways your security team can augment their capabilities amidst massive data growth, an increasing talent shortage, and constantly evolving threats with:<br>Dan Pistelli, Offensive Security Professional, Devo Technology, Inc. |
11:55 AM | Wrap-Up<br>Megan Roddie, Course Author, SANS Institute |