WinSCP: Yeah you know me! | SANS@MIC Talk
This presentation covers the artifacts related to WinSCP. WinSCP has traditionally been associated with external access and exfiltration. However, with some recent changes to Windows 10, WinSCP is an attractive option for attackers to leverage to fly under the radar to conduct lateral movement. Join me on a trip through the '90s as we cover WinSCP and the forensic artifacts associated with it.
Speaker Bio
Mari DeGrazia brings her puzzle-solving skills to her position as Senior Director of Incident Response at Kroll Cyber Security, where she leads high-profile incident response cases and helps clients find and respond to attackers in their environment. In her role as a SANS instructor for FOR500: Windows Forensic Analysis, Mari draws on nearly 20 years of experience in the IT industry, including 10 years in Digital Forensics and incident Response (DFIR).