Thursday, October 24 • 4:00pm - 4:50pm
Incident Response is HARRRRRD… but it doesn’t have to be

So your EDR, AV, or other fancy shiny blinky-lights security tool alerted you that Bob's Windows box has some suspicious activity. Do you have the details you need to investigate or remediate the system? Can you quickly and easily investigate it? You can enable a lot of things you already have for FREE to help you with your investigations, no matter the tools used. Let's take a look at how we do Incident Response on Windows systems and what you can do to prepare for an inevitable event.

How is your logging? Is it enabled? Configured to some best practice? (Hopefully better than an industry standard that is seriously lacking.) Have you enabled some critical logs that by default Microsoft does NOT enable? Do you have a way to run a command, script, or a favorite tool across one or all of your systems and retrieve the results? Do you block some well-known exploitable file types so that when users double-click them they do not launch the scripting engine, but instead just open good ol' Notepad?
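As an added illustration (not the speaker's material or any script from the talk), the following elevated PowerShell applies the two preparation steps the paragraph names on a single host: turning on logging Microsoft leaves off by default, and pointing commonly abused script extensions at Notepad. It assumes a standalone lab host (on a domain you would set the same settings via Group Policy), and the choice of audit subcategories and extensions is the author's assumption, not a list from the talk.

```powershell
# Added example, not from the talk. Run in an elevated PowerShell session on a lab host.
# Assumption: these are the "critical logs" meant; 4688 process creation is the key one for IR.

# 1. Enable audit subcategories that are off in a default install.
auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable
auditpol /set /subcategory:"Process Termination" /success:enable
auditpol /set /subcategory:"Logon" /success:enable /failure:enable

# 2. Record the full command line in event 4688 (disabled by default).
$auditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
New-Item -Path $auditKey -Force | Out-Null
Set-ItemProperty -Path $auditKey -Name ProcessCreationIncludeCmdLine_Enabled -Value 1 -Type DWord

# 3. PowerShell script block logging (event 4104 in Microsoft-Windows-PowerShell/Operational).
$sblKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
New-Item -Path $sblKey -Force | Out-Null
Set-ItemProperty -Path $sblKey -Name EnableScriptBlockLogging -Value 1 -Type DWord

# 4. Grow the Security log (1 GiB here) so the extra events are not overwritten within hours.
wevtutil sl Security /ms:1073741824

# 5. Make double-clicking script files open Notepad instead of the scripting host.
#    The extension list is an assumption; extend it to match your environment.
$notepad = 'C:\Windows\System32\notepad.exe "%1"'
foreach ($ext in '.js', '.jse', '.vbs', '.vbe', '.wsf', '.wsh', '.hta') {
    $progId = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$ext" -ErrorAction SilentlyContinue).'(default)'
    if ($progId) {
        $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
        if (Test-Path $cmdKey) {
            Set-ItemProperty -Path $cmdKey -Name '(default)' -Value $notepad
        }
    }
}

# 6. Verify the settings took effect.
auditpol /get /subcategory:"Process Creation"
Get-ItemProperty -Path $auditKey -Name ProcessCreationIncludeCmdLine_Enabled
Get-ItemProperty -Path $sblKey -Name EnableScriptBlockLogging
```

Changing the open command does not stop scripts launched explicitly through wscript.exe or cscript.exe; it only removes the double-click path, which is the case the paragraph describes.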

Everything mentioned here is FREE and you already have it!

This talk will describe these things and how to prepare, and be PREPARED, to do Incident Response on Windows systems. A few tools will be discussed as well that you can use to speed things up.
Attendees can take the information from this talk and immediately start improving their environment to prepare for the... inevitable: an incident.


Michael Gough

IMF Security
Michael is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is a primary contributor to the...

Thursday October 24, 2019 4:00pm - 4:50pm MDT
Track 1