{"id":472,"date":"2014-11-08T15:17:51","date_gmt":"2014-11-08T20:17:51","guid":{"rendered":"http:\/\/adsecurity.org\/?p=472"},"modified":"2014-11-13T20:48:04","modified_gmt":"2014-11-14T01:48:04","slug":"mandiant-mircon-2014-presentation-slides","status":"publish","type":"post","link":"https:\/\/adsecurity.org\/?p=472","title":{"rendered":"Mandiant MIRCon 2014 Presentation Slides"},"content":{"rendered":"<h5>Using some <a href=\"https:\/\/www.google.com\/search?q=filetype:pdf+inurl:MIRcon2014&amp;client=firefox-a&amp;rls=org.mozilla:en-US:official&amp;channel=sb&amp;biw=1022&amp;bih=703&amp;start=10&amp;sa=N&amp;bav=on.2,or.r_cp.r_qf.&amp;ech=1&amp;psi=-39dVNnJN_jIsASkj4CwDg.1415413750262.11&amp;ei=Q4xdVO76IIyNsQTG7IHgCg&amp;emsg=NCSR&amp;noj=1\">Google-Fu<\/a>, I was able to find some <a href=\"http:\/\/www.mandiant.com\/mircon2014\/\">MIRCon 2014<\/a> presentation slides (sorry, no videos yet).<\/h5>\n<h5><span style=\"text-decoration: underline;\">Mandiant MIRCon 2014 Presentation Slides:<\/span><\/h5>\n<ul>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_R&amp;D_Track_Insight_into_Symbiotic_APT.pdf\">R&amp;D Track: An Insight into Symbiotic APT Groups<\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_IR_Track_Best_Worst_APT_Malware.pdf\">IR Track: The Best and Worst APT Malware<\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_R&amp;D_Track_Plists_Shell_Scripts_Object-C.pdf\">OSX Malware Plists, Shell Scripts and Object-C Oh-My!\u00a0 <\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_IR_Track_APT_Detection.pdf\">APT Detection with Whitelisting and Log Monitoring<\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a 
href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_Mgmt_Track_Compliance_Risks_in_APT.pdf\">Management Track: Compliance Risks in APT Response &amp; Defense<\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_Mgmt_Track_Application_Game_Theory.pdf\">Management Track: Application of Game Theory and Adversarial<\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_Mgmt_Track_Past_as_Prologue.pdf\">The Past as Prologue: Potential Theories of Liability Following a Cyber Attack <\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_R&amp;D_Track_Did_You_Check_the_Packet.pdf\">Did You Check the Packet?<\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_IR_Track_Investigating_Powershell_Attacks.pdf\">Why PowerShell?<\/a><\/h5>\n<\/li>\n<li>\n<h5 data-canvas-width=\"364.96416000000005\" data-angle=\"0\" data-font-name=\"Helvetica\"><a href=\"http:\/\/www.mandiant.com\/library\/MIRcon2014\/MIRcon_2014_IR_Track_Analysis_of_Malicious_SSP.pdf\">Analysis of Malicious Security Support Provider DLLs<\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_R&amp;D_Track_Domain_Hygiene.pdf\">Domain Hygiene as a Predictor of Badness<\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_R&amp;D_Track_Into_the_Unknown_BIOS.pdf\">Into the Unknown: Assessing your BIOS<\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_IR_Track_Hobbled_Pen_Testing.pdf\">Hobbled Penetration Testing<\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a 
href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_Mgmt_Track_Enterprise_Cloud_Security.pdf\">Enterprise Cloud Security via DevSecOps<\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_IR_Track_There%27s_Something_About_WMI.pdf\">There&#8217;s Something About WMI<\/a><\/h5>\n<\/li>\n<li>\n<div class=\"textLayer\">\n<h5 data-canvas-width=\"474.04544000000004\" data-angle=\"0\" data-font-name=\"Helvetica\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_R&amp;D_Track_All_Your_Metadatas.pdf\">All You Metadatas Are Belong To Me: Reverse Engineering Emails on an Enterprise Level <\/a><\/h5>\n<\/div>\n<\/li>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_R&amp;D_Track_Who_DIT_It.pdf\">Who DIT It?<\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_Mgmt_Track_Security_Matryoshka.pdf\">Security Matryoshka: The Ins, Outs, and<\/a><\/h5>\n<\/li>\n<li>\n<h5 data-canvas-width=\"184.41\" data-angle=\"0\" data-font-name=\"Helvetica\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_Mgmt_Track_Advice_from_the_Trenches.pdf\">Advice from the Trenches: Preparing for the Challenges and Pressures of a Security Incident Investigation<\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_IR_Track_Leveraging_Metadata_Machine_Learning.pdf\">Machine Learning<\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_R&amp;D_Track_PIN_Down_the_Malware.pdf\">PIN Down the Malware<\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_IR_Track_Taming_the_Wild_West.pdf\">Taming the Wild West: Finding Evil with Cloud &#8211; Based Analytical 
Tools<\/a><\/h5>\n<\/li>\n<li>\n<h5 class=\"r\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_R&amp;D_Track_How_I_Forced_An_Android.pdf\">how i forced an android vulnerability into bypassing MDM restrictions &amp; DIY malware analysis<\/a><\/h5>\n<\/li>\n<li>\n<h5 data-canvas-width=\"289.7418400000001\" data-angle=\"0\" data-font-name=\"Helvetica\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_Mgmt_Track_Cyber_Security_Meets_Corporate.pdf\">Cyber Security Meets Corporate Securities: The SEC&#8217;s Authority to Regulate Companies&#8217; Cyber Defenses and Corporate Directors&#8217; Fiduciary Responsibilities<\/a><\/h5>\n<\/li>\n<li>\n<h4 data-canvas-width=\"400.47743999999994\" data-angle=\"0\" data-font-name=\"Helvetica\"><a href=\"https:\/\/dl.mandiant.com\/EE\/library\/MIRcon2014\/MIRcon_2014_IR_Track_Applied_Detection_Analysis_Flow.pdf\">Applied Detection and Analysis Using Network Flow Data<\/a><\/h4>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Using some Google-Fu, I was able to find some MIRCon 2014 presentation slides (sorry, no videos yet). 
Mandiant MIRCon 2014 Presentation Slides: R&amp;D Track: An Insight into Symbiotic APT Groups IR Track: The Best and Worst APT Malware OSX Malware Plists, Shell Scripts and Object-C Oh-My!\u00a0 APT Detection with Whitelisting and Log Monitoring Management Track: &hellip; <\/p>\n<p><a class=\"more-link btn\" href=\"https:\/\/adsecurity.org\/?p=472\">Continue reading<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,234,2],"tags":[43,251,252,250,575],"class_list":["post-472","post","type-post","status-publish","format-standard","hentry","category-security","category-security-conference-presentationvideo","category-technical-reference","tag-apt","tag-malware","tag-mandiant","tag-mircon2014","tag-powershell","item-wrap"],"_links":{"self":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/472","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=472"}],"version-history":[{"count":5,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/472\/revisions"}],"predecessor-version":[{"id":477,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/472\/revisions\/477"}],"wp:attachment":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=472"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=472"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route
=%2Fwp%2Fv2%2Ftags&post=472"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}