BSidesAugusta 2023

Detecting Ghouls & Ghosts in the Wires
2023-10-07, Track 4

The rise in ransomware attacks and third-party breach notifications has contributed to reducing the global mean time to detection (MTTD), so true adversary dwell time is likely much higher than it appears. We must also consider the "unknown unknowns" that allow attackers to lurk casually on our networks like silent ghosts. In this talk, we will look at a blue team tactic for Microsoft Windows environments that will help reduce the dwell time of ghouls feeding on our sensitive data and the ghosts haunting our networks. A demo at the end will showcase one way to operationalize the information presented using a custom tool.

Michael is a Senior Security Engineer with over 10 years of experience in the public and private sectors. He is a proactive and iterative cyber threat hunter specializing in detection engineering, DFIR, and automation. Michael has led teams and directed collaborative efforts to develop and implement strategies for mitigating evolving threat trends.

Michael is the Founder and Principal Consultant of Sawbox Consulting, where he identifies and resolves security issues, implements solutions, and evaluates security systems for clients. Additionally, he serves as the Executive Director and Co-Founder of SmashTheStack, a prominent educational platform focused on ethical hacking. His dedication to sharing knowledge is further exemplified by his role as a Cybersecurity Author on Pluralsight, where he has created and published several high-quality courses.

Michael holds a Bachelor of Science (B.S.) in Computer Science from the University of Maryland Global College and has obtained multiple certifications, including CompTIA Advanced Security Practitioner (CASP+), Certified Ethical Hacker (CEH), and multiple GIAC certifications.