TH-3005 Host & Threat Hunting on a Budget

Presented at Texas Cyber Summit 2019, Oct. 11, 2019, 1 p.m. (60 minutes)

In my first 100 days, I wanted to make a positive impact on the organization. I got the lay of the land and noticed it was a majority Windows shop with no endpoint visibility. I go over how I proved the need to management and IT Operations when an opportunity presented itself: there was suspicious beaconing to a known malicious domain. I quickly deployed Sysmon with PowerShell, as WinRM was enabled everywhere. Bam! I found Kovter fileless malware, and I break down the analysis. Now that I had buy-in, I go over the methods to get quick wins by deploying technologies like Sysmon and OSquery and turning on auditing and the Windows firewall. I go over the benefits of Sysmon and how to deploy it in the environment on a budget. I also do a post-mortem assessment and cover what I would have done differently.

Presenters:

  • Leo Bastidas - Fujitsu
    Leo Bastidas started his career as a troubled teen; that is how he ended up working at the local repair shop, fixing PCs. He then joined the military after high school, as there were no other options at the time. That is where he started with the Military Police, then quickly pivoted into contingency incident response. Later in his military career, he moved again, this time into special operations after a grueling "assessment and selection" process. He is currently in the private sector.