Tim Tomes and Mark Baggett
"Lurking in the Shadows"
In the past, hackers and pen testers have used various techniques to hide the presence of tools and information on compromised systems. Alternate data streams in Windows, and directories with common names in Linux, have been basic implementations of such techniques. The addition of Shadow Copies to modern Windows operating systems provides us with yet another opportunity to conceal information on remote systems. This talk will discuss the history of concealing data within operating systems and new techniques and tools for doing so in modern Windows implementations.
Tim Tomes (LaNMaSteR53) is a Senior Enterprise Security Consultant for Accuvant Labs and security blogger for http://pauldotcom.com who specializes in penetration testing, web application assessments, and Python tool development. A former officer in the U.S. Army and 10-year veteran, Tim spent 3 years as the Senior Red Team Leader for the Army Red Team and was the principal designer of the Army's 1st CyberTraining program.
Mark Baggett (Mark Baggett) is the Technical Advisor to the DoD for the SANS Institute, an instructor for SANS, and a security blogger for http://pauldotcom.com. Mark is the owner and operator of In Depth Defense Inc, a private consulting firm that specializes in penetration testing and incident response.