Monitoring and Incident Response on a Shoestring Budget

Presented at Wild West Hackin' Fest 2017, Oct. 27, 2017, 3:10 p.m. (45 minutes)

As pen testers, we are familiar with the techniques used to attack an environment. Knowing these techniques informs us with respect to various methods of potential detection. In fact, we are often asked by our clients what they could have done to detect the methods we used to successfully compromise their environment. There are so many great community projects out there that allow defenders to assemble their own toolkit for tactical and focused environment monitoring. If you follow the Black Hills blogs, webcasts, and tool releases, you know that we tend to not neglect the network defenders in the community and cover these tools and how to implement them. That's because, while we know that offense can be flashy and fun, defense wins the game. In this updated talk, we will cover a continuing evolution of how you can use free and open source tools to help detect potential attackers in your network.


Presenters:

  • Joff Thyer - Black Hills Information Security
    Joff has over 15 years of experience in the IT industry in roles such as enterprise network architect and network security defender. He has experience with intrusion detection and prevention systems, penetration testing, engineering network infrastructure defense, and software development. Joff also co-hosts the Security Weekly podcast.
  • Derek Banks - Black Hills Information Security
    Derek is a Senior Security Analyst at Black Hills Information Security and has over 20 years of experience in the IT industry as a systems administrator for multiple operating system platforms, and monitoring and defending those systems from potential intruders. He has worked in the aerospace, defense, banking, manufacturing, and software development industries. Derek has experience with creating custom host- and network-based monitoring solutions.
