SecTalks Perth 0x67
Due to recent venue issues, we're changing venues. Please make sure to reach out if you want to submit a talk; you can either:
- Reach out to a SecTalks organiser directly
- Use the new form (coming soon)
-----------------------
#0 - JohnU - Kernel ETW is the best ETW
When Microsoft introduced Kernel Patch Protection, security vendors were constrained in their ability to monitor the kernel. Given the limited number of kernel extension points provided by Microsoft, they were increasingly compelled to rely on asynchronous Event Tracing for Windows (ETW) events for after-the-fact visibility of kernel actions performed on behalf of malware. Given this reliance, the documentation of these telemetry sources is unfortunately somewhat sparse. To compensate, I've needed to write or modify tools to overcome these limitations and uncover useful ETW events. With a focus on kernel telemetry, this talk will cover this multi-year journey and my open-source contributions to making ETW knowledge more accessible for security practitioners.
John Uhlmann (he/him) is a Security Research Engineer at Elastic, where he focuses on scalable Windows in-memory malware detection. Prior to this he did similar work at the Australian Cyber Security Centre.
#1 - Matt - Talkback Features Walk-through
Matt will provide an update on Talkback, a smart infosec library, and walk through the features added since his presentation early last year.
Matt is a Director at elttam.
#2 - Bar?
After the talks and some chit-chat, let's head to 43 Below to mingle and chat (we still don't have a better idea for a bar).
