BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//hack-lu-2025//talk//WKQ8EM
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-hack-lu-2025-WKQ8EM@pretalx.com
DTSTART;TZID=CET:20251021T114500
DTEND;TZID=CET:20251021T121500
DESCRIPTION:It is not unusual for CERT/CSIRT/SOC teams to use collection an
 d live forensics tools in their incident response workflow. Programs such 
 as Velociraptor\, KAPE or DFIR-ORC can legitimately access low-level files
 ystem data and memory for the purposes of extracting forensic artifacts.\n
 \nIn this talk\, we will show how these tools can be abused for credential
  access and why they might be overlooked by security teams. We will also d
 iscuss detection opportunities and what events to monitor in order to effe
 ctively counter these techniques.
DTSTAMP:20260306T110825Z
LOCATION:Europe
SUMMARY:LOLBlue : Living Off the Land with Blue Team tools - Maxence Fossat
 \, Antoine C
URL:https://pretalx.com/hack-lu-2025/talk/WKQ8EM/
END:VEVENT
END:VCALENDAR