BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsideslv24//talk//89D8Z3
BEGIN:VTIMEZONE
TZID:PST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T100000Z
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T110000Z
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsideslv24-89D8Z3@pretalx.com
DTSTART;TZID=PST:20240806T140000
DTEND;TZID=PST:20240806T144500
DESCRIPTION:Attackers love credentials. Creds are often the key to objectiv
 es - the long-fought initial foothold\, that much-needed lateral movement\
 , or the final privilege escalation that can mean the difference between a
  lucrative return-on-investment\, or burned time\, effort\, and resources.
  And as defenders\, it isn't always easy to tell who is behind the credent
 ial. After all\, all we have are logs\, right...?\n\nBut logs can be extre
 mely valuable\, and we know a lot about credentials\; from their creation\
 , to their usage\, and subsequent invalidation. And we know a lot about ho
 w they are issued\, where they are (or should be) stored\, and to which sy
 stems they are provided. So how do we pull the badness from the noise\, an
 d detect/prevent those we defend from being pwned?\n\nThis talk will discu
 ss core detection concepts targeting credential abuse\, including useful d
 etection patterns\, the Impossible Travel problem\, and credential binding
  violations. We will also contemplate the trade-offs in controls\, the cha
 llenges in pulling the needle from the haystack\, and the need to consider
  the user when hardening or responding to suspected credential abuse.
DTSTAMP:20260413T203122Z
LOCATION:Tuscany
SUMMARY:Detecting Credential Abuse - Troy Defty\, Kathy Zhu
URL:https://pretalx.com/bsideslv24/talk/89D8Z3/
END:VEVENT
END:VCALENDAR