TWC: CSI: Windows - Techniques for Finding the Cause of the Unexpected System Takeovers
OK, so an attacker got into your infrastructure, used a server misconfiguration, created an account for themselves and… Exactly! And then what? Or maybe you would like to know where to gather information about activities in an operating system. In both cases, this session is for you! This is the moment when we wonder what else could have happened beyond what we can see, and whether it is possible to trace a hacker's activities in our systems. Yes, it is! By performing several analyses, we can gather enough evidence of the malicious actions performed. This type of monitoring can also be useful in a regular investigation of what happened in the system, not only from the attacker's perspective. Come and see what it means to be hacked and that nothing can be completely hidden! During this session you will become familiar with tracing system-related situations and learn how to establish informative monitoring that can alert you if something goes wrong in your environment. This session is a real deep dive into the monitoring world, so be prepared for a hard-core technical ride!