2022-08-27 –, Room 401 - "Re-Engage" track
Do you know what could be lurking in your Windows event logs? For years, blue teams have been using Windows event logs to track the activities of red teams and threat actors alike, but now we flip the table and use the logs for offensive purposes. Starting with the first public disclosure, this talk takes the attendees through the steps of developing working PoCs and the lessons learned along the way. Attendees will be shown multiple techniques to leverage this capability for persistence and potentially more. Windows event logs are a prime place to store payloads and shellcode, so blue teams better be ready.
Tim Fowler is a Security Analyst with Black Hills Information Security and has over a decade of experience working in information security. He has worked for Fortune 200 financial institutions and as a consultant, providing penetration testing and red team services. Tim is passionate about sharing his knowledge with others and has had the pleasure of speaking at multiple security conferences across the country. When not hacking away at a client's network or writing the subsequent report, Tim loves spending time with his wife and son, swimming endless laps in the pool, and making things with his CNC router and CO2 laser cutters.