Friday, October 11 • 1:00pm - 2:00pm
TH-3005 Host & Threat Hunting on a Budget


First 100 days, I wanted to make a positive impact on the organization. I get a lay of the land and notice it was a majority Windows shop with no endpoint visibility. I go over how I prove to management and IT Operations when an opportunity presents itself. There is a suspicious beaconing of a known malicious domain. I quickly deploy Sysmon with PowerShell, as WinRM is enabled everywhere. Bam! I find Kovter fileless malware and break down the analysis. Now that I have buy-in, I go over the methods to get quick wins by deploying technologies like Sysmon and osquery, and turning on auditing and Windows firewalls. I go over the benefits of Sysmon and how to deploy it in the environment on a budget. I do a post-mortem assessment and cover what I would have done differently.

Leo Bastidas

DFIR/Threat Hunter, Fujitsu
Leo Bastidas started his career as a troubled teen; it's how he ended up working at the local repair shop, fixing PCs. He then joined the military after high school as there were no other options at the time. That is where he started with the Military Police, then quickly pivoted...

Friday October 11, 2019 1:00pm - 2:00pm CDT
BONHAM 3-D | Expert 2 600 E Market St, San Antonio, TX Floor 3