Gary Sun is a cybersecurity researcher at CyCraft Technology and is currently focused on ETW security and .NET malware analysis. He graduated from the Institute of Network Engineering at National Yang Ming Chiao Tung University and has published papers at the Cryptology and Information Security Conference (CISC).
Because Event Tracing for Windows (ETW) can record detailed and diverse telemetry, it has become an important data source for incident response, antivirus software, and EDR. With a focus on .NET malware, this presentation discusses how to leverage ETW to monitor system behavior and detect malicious activity: how to identify critical system events, how to locate key forensic evidence of malicious activity, and how to separate genuinely malicious activity from merely suspicious activity.
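The kind of ETW collection the abstract refers to, as an added example that is not part of the talk or of CyCraft's tooling: it records the CLR's assembly-load events with logman and then lists which assemblies each process loaded, which is the starting point for spotting .NET payloads that never touch disk. Assumed here (not stated on the page): the provider name Microsoft-Windows-DotNETRuntime, keyword 0x8 for the Loader keyword, level 4 (Informational), event ID 154 for AssemblyLoad, the FullyQualifiedAssemblyName field at property index 4, and the output path C:\traces. Run from an elevated PowerShell prompt.

```powershell
# Added example, not code from the talk. Collect .NET runtime loader events
# with ETW and list the assemblies each process loaded. Requires elevation.
# Assumptions: provider Microsoft-Windows-DotNETRuntime, Loader keyword 0x8,
# level 4 (Informational), AssemblyLoad = event ID 154, and the
# FullyQualifiedAssemblyName field at Properties[4]. Output path is arbitrary.

$TracePath = 'C:\traces\dotnet-loader.etl'
New-Item -ItemType Directory -Force -Path (Split-Path $TracePath) | Out-Null

# 1. Start a trace session for the CLR provider, Loader keyword only, so the
#    file stays small and contains the events we care about.
logman create trace DotNetLoader -p 'Microsoft-Windows-DotNETRuntime' 0x8 4 -o $TracePath -ets

# 2. Run the workload to observe (for instance the suspicious .NET binary in a
#    lab VM), then stop the session.
Read-Host 'Run the workload now, then press Enter to stop the trace' | Out-Null
logman stop DotNetLoader -ets

# 3. Parse the trace offline: one row per (process, loaded assembly).
#    Assemblies loaded from memory still produce this event, so an unexpected
#    assembly name under a normally benign host process is worth a closer look.
Get-WinEvent -Path $TracePath -Oldest |
    Where-Object { $_.Id -eq 154 } |
    ForEach-Object {
        [pscustomobject]@{
            Time     = $_.TimeCreated
            Pid      = $_.ProcessId
            Assembly = $_.Properties[4].Value   # assumed index, see above
        }
    } |
    Sort-Object Pid, Time |
    Format-Table -AutoSize
```

The Loader keyword is chosen deliberately: enabling the whole provider at verbose level produces JIT and GC events at a rate that swamps a forensic triage, whereas assembly and module loads are few and directly answer "what code ran in this process".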
# CyberLAB
Experience a highly interactive cybersecurity card game! Players not only have fun but also learn the basic concepts of the Cyber Defense Matrix (CDM) security model. By abstractly simulating real-world security incidents, players learn common attacker techniques, the effectiveness of current defensive techniques, and how to use CDM concepts to build an effective and efficient defense—on a budget!
This course is divided into three parts: lecture, discussion, and game!
First, we will introduce the importance and usefulness of security models used by researchers and analysts, such as CDM, NIST CSF, and MITRE ATT&CK. We will then compare these models and explain how researchers and analysts use them to break down cyberattacks into individual techniques and their intended uses, from initial access through data exfiltration and impact. Attendees will learn how cybersecurity analysts map out, and eventually predict, attacker behavior, and how to combine CDM with other information security frameworks to formulate effective security strategies and fill gaps. Most importantly, attendees will be able to put this knowledge to immediate use in our new highly interactive card game, which applies CDM concepts in a fun, educational, and approachable way that highlights the importance of cybersecurity.