Monday, January 19, 2015

Talks for January 21st

We'll be meeting at the Livonia Campus, Room 432.

Here are the talks we have lined up:

Host Based detection - Doug Clendening

Receiving intelligence about malicious activity is one thing. Finding it in your own environment is another. I'll walk you through how we analyze threats and create IDS rules that are actionable in a worldwide corporation with hundreds of thousands of endpoints. Host-based McAfee HIPS will be the tool of discussion.

Reflective DLL injection with PowerShell and mimikatz -

The reflective DLL injection technique loads a DLL into the memory of a process. By using the password dumper mimikatz combined with Joe Bialek's PowerShell scripts, an attacker can remotely dump credentials without ever writing their tools to disk. This attack will be demonstrated, and we will analyze the difference in SMB vs. PS-remoting network traffic and host analysis, time permitting.