


Title: Once Upon a Login: How Logon Sessions Help Defenders See the Bigger Picture
Duration: 39:43
Viewed: 779
Published: 01-12-2022
Source: Youtube

Threat detection and response technologies are disproportionately process-centric, focusing primarily on isolated behaviors and parent-child relationships. Process-based, behavioral detection has been a vast improvement over the static signatures, hashes, and IP addresses we relied on previously, but adversaries are increasingly adopting evasive techniques that expose weaknesses in process-based detection.

Although it won't replace process metadata altogether, logon session telemetry is a valuable, contextual data source for detection and investigation. It enables analysts and tools to trace a user's actions back from a suspicious process event to the initiation of their logon session, telling the whole story of everything an adversary might have done in an intrusion. This talk will explain what logon sessions are, how they expose adversary actions, where you can find them, and how you can use them to improve threat detection and incident response.

ABOUT THE SPEAKER

Jonny Johnson is a security enthusiast who loves spending time with all things related to Windows Internals, reverse engineering, and data analysis. Jonny is a Consultant at SpecterOps where he applies threat research and low-level knowledge to defensive capabilities, arming defenders with the information and tools needed to cover defensive gaps. Jonny loves to share his actionable findings in blogs and is committed to helping defenders be effective, independent, and efficient.

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE

#BlueTeamSummit #BlueTeam #CyberDefense


