For too long attackers have leveraged the built-in APIs and tooling on Windows systems against us. It's time the tables are turned! Those APIs were made for Sys Admins and defenders... and we're taking them back! **We're building a framework of response tools for defenders to wrestle control from threat actors without the risk of production outages.** This talk will focus on techniques to turn the limited and traditional black-and-white incident response options into a full-color spectrum of alternatives for defending your turf. Attendees will walk away with ideas on how to leverage existing third-party Powershell scripts to stop intruders in their tracks and are encouraged to offer use cases that will produce more tools in the future.

Aaron Sawyer is an intern at InfoSec Innovations and post-baccalaureate student at the University of Maine. Between stints as a laboratory technician in an Astroparticle Physics Laboratory, Aaron worked as a Merchant Marine Engineer where he became a certified vessel security officer and discovered his love of breaking things in interesting ways.

Back to Circle City Con 2019 Videos list