Defensive talks NOT “sexy”? What’s sexier than catching an attack like Target, APT, SET or your Pen Tester? Let me show you some sexy logging presented at BSidesSeattle 2014

by Hackerhurricane

Summary: The lack of defensive talks at Cons and the misconception that they are not “sexy” are why I believe our industry is failing and is 5 or more years behind the hackers’ abilities. The hackers know what we know and capitalize on it. Isn’t it time to turn the tables? We need to improve our staff’s abilities, and we can do that at Cons with more defensive talks that give attendees actionable take-aways they can bring back to their jobs and apply, to keep their jobs.
This talk will focus on Windows systems and the Target breach by walking through the events generated by the BlackPoS/BackOff malware. It happens to mimic just about every attack we have seen as well; they don’t look much different when you get to the logs of an attack. The take-away: how an organization of any size can get started with Windows logging, and what to monitor in order to alert and take action on a suspected breach. Even how to detect activity from Dave’s own SET PowerShell execution will be discussed, as well as a new logging feature in Windows 8.1.