SOC Summit Talk: Needle Hunting: An Endpoint Investigation Cheat Sheet
With Patterson Cake
March 25 @ 10:00 am – 10:25 am EDT

How do you investigate – let alone understand – an endpoint operating system with more than 50 million lines of code?
Join Patterson Cake, Black Hills Infosec Director of Incident Response, for a technical session outlining a prioritized approach to endpoint investigations, focusing on where and how unauthorized access and activity impact Windows and Linux.
You’ll learn about the endpoint “attack surface,” prioritization of operating-system artifact selection, suggested workflow for artifact acquisition, and a methodology for identification of indicators of compromise.
Chat with your fellow SOC Summit attendees in the Antisyphon Discord server: https://discord.gg/antisyphon
This talk is part of the Antisyphon Training SOC Summit, a free, 6-hour, live virtual event designed to give you an honest, practical look at what it’s really like to work in a SOC.
For those who want to go further, multiple hands-on, high-quality, and affordable training courses are available March 26-April 10 to help you deepen your skills and become more effective at protecting what matters most.
Patterson Cake will be teaching his Incident Response Simplified class on April 3.
See the entire Antisyphon Training Course Catalog for affordable cybersecurity training!
About the Instructor
Patterson Cake
Bio
Patterson Cake joined the Black Hills Information Security (BHIS) pirate ship in June of 2023 as a Security Analyst focusing primarily on detection engineering and digital forensics and incident response. He chose BHIS because, to paraphrase, “doing cool stuff with cool people” and “making the world a better/safer place” is exactly how he wants to spend his professional time and energy. It also helps that he has a bit of history with a couple of awesome folks who have been with BHIS for many moons. Prior to joining the team, Patterson helped build and lead a DFIR practice for an MSSP, worked as a senior security engineer for AWS Managed Services, and spent several years in enterprise cybersecurity, often healthcare-related, focusing on intermingling offensive security and incident response in technical and leadership roles. Outside of work, he enjoys spending time with his family, which often involves motorcycles, outdoor sports, movies, and music.

