Back in April of 2016, Zaid Arafeh, Clare Kearney, and I recorded a 7-part series for the Microsoft Virtual Academy titled “Defending Active Directory against Cyberattacks”. Unfortunately, Microsoft retired the Virtual Academy and most of the recordings are no longer available. Some of the content is now part of this edX course on Managing…
Microsoft Exchange Servers are a high-value target for many adversaries, which makes the investigation of them during Incident Response vital. Backdoor implants in the form of webshells and IIS modules on servers are on the rise. Find out how to hunt webshells and differentiate between legitimate use and attacker activity, using default logging available on…
In the physical realm, a successful hunt ends with either a kill or a capture. While some might enjoy the thrill of the hunt, no one really wants to walk away empty-handed. Why do we treat hunting in the digital realm differently? The Containment, Eradication, and Recovery phase of the Incident Response Lifecycle is the digital equivalent…
Public and private enterprises face the same threats, and yet often have different approaches to defense. What if you could take some of the best tactics from each and blend them together? What if I told you this is already happening in small pockets around the US? Enhance your defenses by studying the strengths and…
The results are in: you’ve been breached. It’s officially the worst day of your career. How will you handle what comes next? Are you prepared to navigate the long road to recovery? Where do you even begin? Come, hitch a ride with me; I’ll show you the way. Lessons learned from dozens of compromise recoveries…
Microsoft Exchange Servers are a high-value target, making investigation of them during Incident Response vital, but where do you start? What should you look for? Backdoor implants in the form of webshells hiding in OWA are on the rise. Find out how to hunt webshells and differentiate between legitimate use and attacker activity, using…
I’ll be presenting a brand new session titled “Hunting Webshells on Microsoft Exchange Server” at the 2017 SANS Threat Hunting and Incident Response Summit in New Orleans on April 18th and 19th! My session abstract: “Microsoft Exchange Servers are a high-value target, making investigation of them during Incident Response vital, but where do you start?…
Here are some times/places you can find me during the Microsoft Ignite conference next week. Sunday, May 3rd, 3-4 PM – #BeerIT – I’m hoping to make this pre-conference party, but the time conflicts with a meeting I have. Hopefully I’ll be able to make it for at least part of it. 6-9 PM…
If you haven't already heard, I'll be delivering a session at the Microsoft Ignite conference at McCormick Place in Chicago, Illinois, May 4-8. My session is called "Shut the Front Door! Securing your Messaging Environment" (Session code BRK3109). UPDATED! TIME CHANGE! (Updated again, for some reason the strikethrough text isn't working, removed some text to…