
Threat Hunting via DeepBlueCLI v3 

SANS Cyber Defense

Every incident ends with a lessons learned meeting, and most executive summaries include this bullet point: "Leverage the tools you already paid for."
Are you leveraging the tools you already paid for? Are you using the host-based firewall to block/alert when applications like PowerShell, PSExec, and WMIC attempt to make outbound connections from non-IT clients? Have you enabled AppLocker?
DeepBlueCLIv3 will go toe-to-toe with the latest attacks, analyzing the evidence malware leaves behind, using built-in capabilities such as Windows command line auditing, PowerShell, and Sysmon logging. This talk will focus on the latest updates to DeepBlueCLI, including detecting Impacket and WMI-based attacks, C2 frameworks such as Sliver, password spraying, process injection, event log manipulation, and more.
Learn more about Eric's course SEC511 Continuous Monitoring and Security Operations: www.sans.org/u/1rq7
About the Speaker
Eric Conrad is a SANS Faculty Fellow and course author of three popular SANS courses. He has over 28 years of information security experience, has created numerous tools, and co-authored the CISSP Study Guide. Eric is the Chief Technology Officer (CTO) of Backshore Communications, a company focusing on hunt teaming, intrusion detection, incident handling, and penetration testing. He is a graduate of the SANS Technology Institute with a Master of Science degree in Information Security Engineering and also holds various industry certifications including the Certified Information Systems Security Professional (CISSP), GSE, GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC.

Published: 7 Jul 2024

Comments: 4
@ionutvasile3219 11 months ago
Eric Conrad, guarantee of value every time he shows up.
@percy8177 11 months ago
Thumbs up before I even hear the wizard's voice 🙇‍♂️
@nunoalexandre6408 11 months ago
Love it!!!!!!!!!!!!!!
@kctipton 11 months ago
Battlestar Galactica login failures. The Cylons don't always guess the pw correctly it seems.