This talk will focus on using open source memory forensics tools such as Rekall or Volatility to look through memory structures and spot artifacts that are out of place. We will examine an advanced piece of malware that is built to hide from the native operating system, then examine the constructs it creates in memory and how to find them with repeatable hunting techniques. Last, we will look at scaling these techniques for practical hunting across an enterprise.
Daniel Sweet joined Tanium after spending 11 years leading large-scale incident response and computer forensics investigations in both the government and commercial sectors. Daniel has spent his career in positions specializing in computer forensics, threat intelligence, malware analysis, and security product development. Currently, Daniel specializes in memory forensics and incident response content development at Tanium.
Our Guest Organization of the month is Baylor Scott & White Health. NTXISSA would like to thank them for joining us.
Location: 8787 Park Ln, Dallas, TX 75231
Sponsor: CyberBit
Time: 5-9pm (Learn, Dine and Golf)
Limited seats: reservation only
For reservations, reach out to firstname.lastname@example.org
You may reserve your spot by registering at Constant Contact before 9:00am the day of the meeting. We encourage you to register online even if you plan on paying at the door so that we will have a count for the restaurant.
Please note you are free to show up without registering and we will certainly try to seat you, but it is always possible we may need to turn unregistered persons away when seats run out – so please register.
Members who prepay online: $10
Guests who prepay online: $25
Anyone paying at the door: $30
Come back following the meeting for access to the video, presentation file, and photos from this event.
Note: Photos and audio/video recording occur at our events and you will be required to agree to a release during registration.