My session abstract:
“Microsoft Exchange Servers are a high value target, making investigation of them during Incident Response vital, but where do you start? What should you look for? Backdoor implants in the form of webshells hiding in OWA are on the rise. Find out how to hunt webshells and differentiate between legitimate use and attacker activity, using default logging available on every Exchange Server, through real world examples. It’s easier than you might think, and these techniques can help up your DFIR game in environments containing Exchange Servers!”

Full agenda: https://www.sans.org/event-downloads/45247/agenda.pdf

More details: https://www.sans.org/event/threat-hunting-and-incident-response-summit-2017

If you can’t make the summit, a recording should be available afterwards.  I’ll post a link to the recording and a detailed blog on this subject when available.

Josh Bryant

Cybersecurity Product Leader and internationally recognized Speaker at several Information Security conferences and events with over 26 years of experience as a proven leader in Cybersecurity, Product Management, Threat Hunting, Incident Response, IT Management, IT Architecture, IT Operations, IT Engineering, and Messaging Systems, on a global scale, across a diverse set of industries in both the Public and Private sectors.

192.168.2.21:30040

The post Join me at the 2017 SANS Threat Hunting and Incident Response Summit – April 18th and 19th first appeared on Fix The Exchange!.