
Hide and Seek with EMET
Covers the defensive capabilities of Microsoft's Enhanced Mitigation Experience Toolkit (EMET) 5.5, along with the evolution of advanced memory protections and mitigations within Windows, possibilities for improving EMET for upcoming environment changes, limitations from version 1.0 through 5.5, and common bypass techniques used by attackers to defeat the framework's countermeasures.

Collecting Threat Data using Distributed Deception
What happens when you deploy honeypots in different geographic locations and monitor, collect, and analyze the threat data for several years? The Fakelabs Project covers the architecture, observations, automation, derived products, and lessons learned, with demos and guidance on how defenders can operationalize the findings.

Detecting Ghouls & Ghosts in the Wires
The rise in ransomware attacks has contributed to reducing global mean time to detection, but adversary dwell time is likely far higher than perceived. Presents a blue team tactic for Windows environments that targets the "unknown unknowns" that allow attackers to lurk silently on the network, with a demo showcasing a custom tool to operationalize the detection approach.
