WEBCAST: Live Forensics & Memory Analysis
John Strand //
So you think you might have a compromised Windows system. If you do, where do you start? How would you review the memory of that system? What are the first 10 commands you’d run to see if it’s actually compromised?
This webcast is based on SANS 504, and introduces attendees to some free sample memory dumps and command output of compromised systems. BHIS has spent a fair amount of time creating samples for everyone to play with to sharpen their skills!
For the slides and other information, visit www.tinyurl.com/504-extra
mark
January 20, 2017 @ 12:19 pm
Should this slide deck be in the Dropbox link?
BHIS
January 23, 2017 @ 8:28 am
Yes… Is it not there yet? John needs to upload that; I will try and remind him. -Sierra
James
February 2, 2017 @ 4:05 am
Hi, any chance of getting the slides for this? Don't see them on the site yet. Thanks
BHIS
February 2, 2017 @ 8:35 am
John named it something weird, so it was hard to find in the tiny url. Here is the link: https://www.dropbox.com/sh/gb6k64cm3m641td/AADjcsSx6jKxFpzhS4nufQSka?dl=0&lst=&preview=Initial_detection.pdf
markd
February 25, 2017 @ 6:48 pm
I am not able to access http://www.tinyurl.com/504-extra; it is returning a 404 error: "Owner has not granted you access."
BHIS
February 27, 2017 @ 9:45 am
Dropbox dropped it. We are working on getting a new one set up. Stay tuned!
NonApplicable
May 16, 2017 @ 3:23 am
Any update to the new location of the slides? Thanks for a great webcast.
BHIS
June 2, 2017 @ 10:42 am
http://www.tinyurl.com/504extra2