SANS Digital Forensics and Incident Response Blog


Invite - SANS #DFIR Free Open House And Community Night - Dec 10 2012 - Wash D.C.


We would like to invite you to a free and open DFIR Community reception/talks at SANS Digital Forensics and Incident Response Campus at CDI 2012 in Washington D.C.

Join us and network with others in the DFIR community then stay for a few evening DFIR presentations.

FREE and OPEN TO PUBLIC - MUST REGISTER TO ATTEND


Monday, December 10th


The Dupont Circle Hotel
1500 New Hampshire Ave NW
Washington DC 20036

 

Schedule for Dec 10th


6:00pm - 7:00pm SANS DFIR Campus Open House Community Reception (w/food and drinks)

7:15pm - 8:15pm "Malware Analysis using REMnux" w/ Lenny Zeltser

8:15pm - 9:15pm "Detecting Persistence Mechanisms" w/ Alissa Torres

Open House and Evening Events at the DFIR Campus on December 10th are fully open to the public. Please register to attend the Open House and evening presentations here: https://www.sans.org/bonus-sessions/register/1427/24463

 

Synopsis of Talks


"Malware Analysis using REMnux" w/ Lenny Zeltser


Though some tasks for analyzing Windows malware are best performed on Windows laboratory systems, there is a lot you can do on Linux with the help of free and powerful tools. REMnux is an Ubuntu distribution that incorporates many such utilities. This practical session presents some of the most useful REMnux tools. Lenny Zeltser, who teaches SANS' reverse-engineering malware course, will share how you can use the utilities installed on REMnux to:


- Study network interactions of malicious programs


- Analyze malicious websites and obfuscated JavaScript


- Examine malicious PDF documents


- Explore important aspects of suspicious Windows executables


- Identify malware artifacts in memory snapshot files



If you haven't experimented with Linux-based tools for malware analysis, you've been missing out. And if you've been meaning to begin exploring the field of malware analysis, this talk will help you get started.

8:15pm - 9:15pm "Detecting Persistence Mechanisms" w/ Alissa Torres


The persistence artifacts an attacker creates so that their malware survives on a system are often important leads for unraveling the adversary's methodologies. These techniques, including registry keys, scheduled tasks and other methods, can be excellent indicators for creating the signatures used in enterprise scanning. How do you find these valuable artifacts? What tools can you use to aid in their discovery? This presentation covers the common persistence techniques used in today's malware and the forensic techniques and tools that can be used to uncover them.

We look forward to seeing you at the DFIR Campus in December! Again, please register to attend the Open House and evening presentations here: https://www.sans.org/bonus-sessions/register/1427/24463
