SANS Digital Forensics and Incident Response Blog: Category - Threat Hunting

Top 11 Reasons Why You Should NOT Miss the SANS DFIR Summit and Training this Year

The SANSDFIR Summit and Training 2018is turning 11!The 2018 event marks 11 years since SANS started what is todaythedigital forensics and incident response event of the year, attended by forensicators time after time. Join us and enjoy the latest in-depth presentations from influential DFIR experts and the opportunity to take an array of hands-on SANS … Continue reading Top 11 Reasons Why You Should NOT Miss the SANS DFIR Summit and Training this Year


SANS Threat Hunting and Incident Response Summit 2018 Call for Speakers - Deadline 3/5

Summit Dates:September 6 & 7, 2018 Call for Presentations Closes onMonday, March 5, 2018 at 5 p.m CST Submit your presentation here The Threat Hunting & Incident Response Summit will focus on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting your networks. SANS … Continue reading SANS Threat Hunting and Incident Response Summit 2018 Call for Speakers - Deadline 3/5


Meltdown and Spectre - Enterprise Action Plan

Meltdown and Spectre - Enterprise Action Plan by SANS Senior Instructor Jake Williams Blog originally posted January 4, 2018 by RenditionSec MELTDOWN SPECTRE VULNERABILITIES Unless you've been living under a rock for the last 24 hours, you've heard about the Meltdown and Spectre vulnerabilities. I did a webcast with SANS about these vulnerabilities, how they … Continue reading Meltdown and Spectre - Enterprise Action Plan


Automated Hunting of Software Update Supply Chain Attacks

Software that automatically updates itself presents an attack surface, which can be leveraged en masse through the compromise of the vendor's infrastructure. This has been seen multiple times during 2017, with high profile examples includingNotPetya and CCleaner. Most large organisations have built robust perimeter defences for incoming and outgoing traffic, but this threat vector … Continue reading Automated Hunting of Software Update Supply Chain Attacks


Acquiring a Memory Dump from Fleeting Malware

Introduction The acquisition of process memory during behavioural analysis of malware can provide quick and detailed insight. Examples of where it can be really useful include packed malware, which may be in a more accessible state while running, and malware, which receives live configuration updates from the internet and stores them in memory. Unfortunately the … Continue reading Acquiring a Memory Dump from Fleeting Malware