Tricking modern endpoint security products | SANS@MIC Talk
Overview
The current endpoint monitoring capabilities we have available to us are unprecedented. Many tools and our self/community-built detection rules rely on parent-child relationships and command-line arguments to detect malicious activity taking place on a system.
There are, however, ways adversaries can get around these detections. During this presentation, we'll talk about the following techniques and how we can detect them:
- Parent-child relationships spoofing
- Command-line arguments spoofing
- Process injection
- Process hollowing
Speaker Bio
Michel Coene has had the unique opportunity to work in different environments and with a multitude of security products and concepts, approaching these from different angles. Michel looks at security problems from both an offensive and defensive perspective, matching perfectly with the purple teaming perspective of SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses.
In addition to his work at SANS, Michel is the incident response lead at NVISO, where he manages a team of incident responders and forensic analysts that respond to cyber incidents worldwide. Michel himself specializes in incident response, digital forensics and threat hunting, using his pragmatic and analytical skills to help clients resolve security issues.
Before joining NVISO, Michel worked as a security consultant for a big 4 firm in Belgium, focusing on architecture penetration testing and security assessments of large, complex networks. He also has a background in network engineering.
Video: Tricking modern endpoint security products | SANS@MIC Talk, from the SANS Institute channel