We'll be meeting at the Livonia Campus, Room 432.
Here are the talks we have lined up:
Host Based detection - Doug Clendening
Receiving intelligence about malicious activity is one thing. Finding it in your own environment is another. I'll walk you through how we analyze threats and create IDS rules that are actionable in a worldwide corporation with hundreds of thousands of endpoints. Host-based McAfee HIPS will be the tool of discussion.
Reflective DLL injection with powershell and mimikatz -
The reflective DLL injection technique loads a DLL into the memory of a process. By using the password dumper mimikatz combined with Joe Bialek's PowerShell scripts, an attacker can remotely dump credentials without ever writing their tools to disk. This attack will be demonstrated, and we will analyze the difference in SMB vs. PS-remoting network traffic and host analysis, time permitting.