SO-CON 2020

Will Schroeder

Lee Christensen

One of the most overlooked, but we argue most important, phases of an offensive engagement is host situational awareness. The data you initially collect from a compromised host can mean the difference between detection and achieving your goal. “Everything is stealthy until someone is looking for it” - any action you take on a host is a detectable risk. The more data you’re able to gather during your situational awareness phase, the better the risk-based decisions you can make as the engagement progresses. In addition, situational awareness details the target environment’s landscape. This informs attackers what capabilities/techniques they can use in the environment and informs their attack strategy and plans. This talk will cover data of interest (from defensive configurations to event log mining), methods of collection, and the interpretation of these data sources. Come strap on your Seatbelt and learn how to up your tradecraft game through data you may have been overlooking on operations.