I’ll be presenting a brand new session titled “Hunting Webshells on Microsoft Exchange Server” at the 2017 SANS Threat Hunting and Incident Response Summit in New Orleans on April 18th and 19th!
My session abstract:
“Microsoft Exchange Servers are a high-value target, making investigation of them during Incident Response vital, but where do you start? What should you look for? Backdoor implants in the form of webshells hiding in OWA are on the rise. Find out how to hunt webshells and differentiate between legitimate use and attacker activity, using default logging available on every Exchange Server, through real-world examples. It’s easier than you might think, and these techniques can help up your DFIR game in environments containing Exchange Servers!”
Full agenda: https://www.sans.org/event-downloads/45247/agenda.pdf
More details: https://www.sans.org/event/threat-hunting-and-incident-response-summit-2017
If you can’t make the summit, a recording should be available afterwards. I’ll post a link to the recording and a detailed blog on this subject when available.

Cybersecurity Product Leader and internationally recognized Speaker at several Information Security conferences and events with over 26 years of experience as a proven leader in Cybersecurity, Product Management, Threat Hunting, Incident Response, IT Management, IT Architecture, IT Operations, IT Engineering, and Messaging Systems, on a global scale, across a diverse set of industries in both the Public and Private sectors.
