WEBCAST: Live Forensics & Memory Analysis
John Strand //
So you think you might have a compromised Windows system. If you do, where do you start? How would you review the memory of that system? What are the first 10 commands you’d run to see if it’s actually compromised?
This webcast is based on SANS 504, and introduces attendees to some free sample memory dumps and command output of compromised systems. BHIS has spent a fair amount of time creating samples for everyone to play with to sharpen their skills!
For the slides and other information, visit www.tinyurl.com/504-extra
January 20, 2017 @ 12:19 pm
Should this slide deck be in the Dropbox link?
January 23, 2017 @ 8:28 am
Yes… is it not there yet? John needs to upload that; I will try to remind him. -Sierra
February 2, 2017 @ 4:05 am
Hi, any chance of getting the slides for this? Don't see them on the site yet. Thanks
February 2, 2017 @ 8:35 am
John named it something weird, so it was hard to find in the tiny url. Here is the link: https://www.dropbox.com/sh/gb6k64cm3m641td/AADjcsSx6jKxFpzhS4nufQSka?dl=0&lst=&preview=Initial_detection.pdf
February 25, 2017 @ 6:48 pm
I am not able to access http://www.tinyurl.com/504-extra. It is returning a 404 error: Owner has not granted you access.
February 27, 2017 @ 9:45 am
Dropbox dropped it. We are working on getting a new one set up. Stay tuned!
May 16, 2017 @ 3:23 am
Any update to the new location of the slides? Thanks for a great webcast.
June 2, 2017 @ 10:42 am