Logging is what allowed us to catch and understand an advanced Chinese attack. Learn what we did and know so you can do it too.
Windows logs are solid gold if you know what to Enable, Configure, Gather and Harvest. When you are hacked, they can tell you what you need to know to find and harvest the malware. This class walks through a Chinese advanced attack and the information in the logs that allowed us to harvest their malware and understand what it, and they, were doing. Details of the attack will be covered, along with information to help you catch a similar type of attack. This class will show Chinese Red Team pwnage at its finest, but it is Blue Team Defense in nature, so you can learn from those who have been through an advanced attack. What works and why will also be discussed. Handouts will be provided.
Michael is a Malware Archaeologist, Information Security professional, blue team defender and logoholic. Michael developed the "Malware Management Framework" to improve malware discovery and detection and response capabilities. Michael also authored the "Windows Logging Cheat Sheet" to help the security industry understand Windows logging, where to start and what to look for. Michael's responsible disclosures involve cardkey system exploits and vulnerabilities in leading security products. Michael's background includes 20 years of security consulting for Fortune 500 organizations with HP, and in the health care, financial and gaming industries. Michael also ran BSides Texas for five years for the Austin, San Antonio, Dallas and Houston cons. Now Michael defends against malefactors and ne'er-do-wells trying to p0wn their employer's assets.