Malware is nothing but a counterfeit process. Imagine trying to find counterfeit bills with only a cursory knowledge of what money looks like. Sure, it's green and has numbers on it, but that doesn't make you a currency expert. Sadly, that's the equivalent knowledge level of many infosec professionals when examining Windows systems during live response.
In order to find evil, you must first know what good looks like. In this session, we'll spend some time getting to know what behavior is expected on Windows 10 systems so you can pull the signal out of the noise (and oh is there ever noise). The time you invest today will pay huge dividends during your next investigation.
This session is appropriate for both defenders and attackers (penetration testers). Incident responders will find great value in understanding baseline Windows 10 operation. What processes are expected? Are there normal scheduled tasks? What weird behavior should I expect on Windows 10 that wasn't there in previous operating systems? Penetration testers frequently exploit in their tests the same weaknesses that real attackers have used. Look carefully and you may find you're not the only one on that box you just popped.
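As an added illustration of the baselining idea above (example code written for this page, not material from the session or its author), the script below records what "good" looks like on a known-clean Windows 10 build and later reports anything that was not there: running processes keyed by image path and parent process, and scheduled tasks keyed by the command they execute. The baseline file location and the -Record switch are assumptions of the example.

```powershell
# Added example: snapshot running processes and scheduled tasks on a clean
# Windows 10 host (-Record), then diff a later snapshot against that baseline.
# $BaselinePath and the key format below are assumptions of this example.
param(
    [string]$BaselinePath = "$env:ProgramData\win10-baseline.json",
    [switch]$Record   # -Record writes a new baseline instead of comparing
)

function Get-HostSnapshot {
    $all   = Get-CimInstance Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p.Name }

    $items = New-Object System.Collections.Generic.List[string]

    # Key each process by full image path plus parent name, so a legitimately
    # named binary launched from an odd folder or an odd parent still shows up.
    foreach ($p in $all) {
        $path = if ($p.ExecutablePath) { $p.ExecutablePath } else { $p.Name }
        $ppid = [int]$p.ParentProcessId
        $parent = if ($byPid.ContainsKey($ppid)) { $byPid[$ppid] } else { '?' }
        $items.Add(('Process|{0}|parent={1}' -f $path.ToLower(), $parent.ToLower()))
    }

    # Key each scheduled task by its path/name and the command it runs;
    # a task that keeps its name but changes its action is still a new key.
    foreach ($t in Get-ScheduledTask) {
        foreach ($a in $t.Actions) {
            if ($a.Execute) {
                $items.Add(('Task|{0}{1}|{2} {3}' -f $t.TaskPath, $t.TaskName,
                                                     $a.Execute, $a.Arguments))
            }
        }
    }
    return $items | Sort-Object -Unique
}

if ($Record) {
    ConvertTo-Json -InputObject @(Get-HostSnapshot) | Set-Content -Path $BaselinePath
    Write-Host "Baseline written to $BaselinePath"
    return
}

$baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
$current  = Get-HostSnapshot

# Only entries present now but absent from the baseline are reported;
# things that disappeared are usually just short-lived processes.
Compare-Object -ReferenceObject @($baseline) -DifferenceObject @($current) |
    Where-Object SideIndicator -eq '=>' |
    ForEach-Object { "NEW: $($_.InputObject)" }
```

Run it once with -Record on a freshly built, fully patched Windows 10 image, then without the switch on the host under investigation. Two caveats a responder should keep in mind: the baseline is only as good as the build it was taken from, so record it per image and per role rather than reusing one file everywhere; and the parent name comes from the current PID table, so a parent that has already exited (or whose PID has been reused) will show as the wrong name or '?'.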