Josh Fraser
State Government Agency
Working at a large government organization in incident response, I spend most of my time detecting and responding to threats and building out additional capabilities for my team.

No EDR? No Money? No Worries!
Technical Level (3 being the highest score): 2

There is a lot of hype around the EDR market and the way vendors claim they can detect and respond to advanced threats and APTs. However, much of the functionality they provide can be built from tools organizations already have. Simple use cases, such as taking a memory dump from any endpoint in your organization, would be very difficult in most circumstances, but with a bit of coding this can be done with ease. More complex use cases, such as killing processes on endpoints and searching for hashes, can also be created. Throughout this presentation attendees will learn how to go back to their organizations and build some of this capability without buying more stuff.

Attendees will also see end-to-end incident response procedures using this tool set. One example will be detecting and alerting on a malicious PDF attachment from a phishing email, followed by the attacker escalating privileges and setting up persistence. Using a single interface we will be able to see all of this behavior in detail and then remotely respond to it.
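As an added illustration of the "search for hashes, then kill processes" capability described in the talk (this is not the speaker's tool set), the following PowerShell uses only built-in remoting cmdlets. It assumes WinRM is enabled on the targets, the caller has local administrator rights there, and the hostnames, search roots and hash value are constructed placeholders to replace with your own.

```powershell
# Added example, not from the talk: hunt for a known-bad SHA256 across endpoints
# with PowerShell Remoting, then stop any running process whose image matches it.
# Assumes WinRM is enabled and the caller is an admin on each target.
$Computers   = @('WS-001', 'WS-002')                 # constructed hostnames
$BadHash     = 'PLACEHOLDER_SHA256_FROM_YOUR_ALERT'  # placeholder, not a real IoC
$SearchRoots = @('C:\Users', 'C:\ProgramData')        # constructed scope

$results = Invoke-Command -ComputerName $Computers -ErrorAction Continue -ScriptBlock {
    param($Hash, $Roots)
    $hits = @()
    foreach ($root in $Roots) {
        # -Force includes hidden files; unreadable paths are skipped rather than aborting
        Get-ChildItem -Path $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $h = Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                # -eq is case-insensitive, so hex case in the alert does not matter
                if ($h -and $h.Hash -eq $Hash) { $hits += $_.FullName }
            }
    }
    # Response step: terminate any process whose image path is one of the hits
    $killed = @()
    foreach ($p in Get-Process -ErrorAction SilentlyContinue) {
        if ($p.Path -and ($hits -contains $p.Path)) {
            Stop-Process -Id $p.Id -Force -ErrorAction SilentlyContinue
            $killed += "$($p.ProcessName) ($($p.Id))"
        }
    }
    [pscustomobject]@{ Host = $env:COMPUTERNAME; Matches = $hits; Killed = $killed }
} -ArgumentList $BadHash, $SearchRoots

# Report only endpoints where the hash was found, for the IR ticket
$results | Where-Object { $_.Matches.Count -gt 0 } | Format-List Host, Matches, Killed
```

Hashing every file under the chosen roots is slow on large drives, so narrow the roots (or filter on extension) before running this fleet-wide.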

Presentation video can be found HERE