The Best Online Cybersecurity Training in the World - SANS OnDemand


To attend this webcast, login to your SANS Account or create your Account.

Windows Baselining and Remote System Assessment: For the Low-low Price of Free-ninety-free

  • Friday, February 16th, 2018 at 1:00 PM EST (18:00:00 UTC)
  • Chris Pizor and John Strand
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


One of the primary pieces of advice given in regards to Incident Response and Digital Forensics is to know normal, as it will help you find evil. Today's enterprises are often full of disparate one-off user workstations and different server builds. In this jungle of operating system configurations, when the administrators are asked if they have baseline documentation for any of them, the resounding answer is usually a sharp "No" accompanied by veiled chuckles. This presentation will cover data points that should be a part of your system baseline and multiple commands used to gather them. Examples will be provided using the traditional Windows command prompt, the Windows Management Instrumentation Console (WMIC), and PowerShell, and some reasons why you may either need or want to use one versus another. Lastly, we will discuss the MITRE CALDERA automated adversary emulation system and how this can be leveraged to test endpoint security as well as the effectiveness of your baselines. It doesn't take expensive tools or an exorbitant amount of time to see marked increases in your Incident Response and Threat Hunting effectiveness.

Speaker Bios

John Strand

John Strand is a senior instructor with the SANS Institute. He teaches SEC504: Hacker Techniques, Exploits, and Incident Handling; SEC560: Network Penetration Testing and Ethical Hacking; SEC580: Metasploit Kung Fu for Enterprise Pen Testing; and SEC464: Hacker Guard: Security Baseline Training for IT Administrators and Operations with Continuing Education. John is the course author for SEC464: Hacker Guard: Security Baseline Training for IT Administrators and Operations with Continuing Education and the co-author for SEC580: Metasploit Kung Fu for Enterprise Pen Testing.

When not teaching for SANS, John co-hosts PaulDotCom Security Weekly, the world's largest computer security podcast. He is also the owner of Black Hills Information Security, specializing in penetration testing and security architecture services. He has presented for the FBI, NASA, the NSA, and at DefCon. In his spare time he writes loud rock music and makes various futile attempts at fly-fishing.

Very informative! Mr. John Strand's experience shared through narrative brings course material to life. - Christopher Wilson, USAF

Follow John on Twitter @strandjs

Chris Pizor

Chris Pizor is a civilian employee working for the U.S. Air Force as the lead curriculum designer for cyber warfare operations training. Chris served on active duty in the USAF as a Network Intelligence Analyst before retiring in 2010. He was part of the initial cadre of the NSA Threat Operations Center and helped developed tactics to discover and eradicate intrusions into U.S. Government systems. Chris has a total of 20 years working in the Intelligence Community with 12 years focused on Cybersecurity. Over the course of his active duty career, Chris received multiple individual and team awards. Chris is passionate about security and helping others advance their security knowledge. He is continuously researching and refining his own skills so he can prepare U.S. Airman and other professionals defend their vital networks and critical infrastructure. Chris earned a Bachelor's Degree in Intelligence Studies and Information Operations from the American Military University and a Master's of Science in Cybersecurity from University of Maryland University College. He holds the GSEC, GCIA, GCIH, GPEN, GXPN, GCFA, GISP, and CISSP certifications. When Chris isn't working, he enjoys spending time with his wife and two young children, woodworking, and spending time outdoors.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.