Support :: Tips and Tricks
On Tuesday, every two weeks, HBGary hosts the “Tips & Tricks” webinar series that provides quick (approximately 15 minutes) how-to discussions featuring one of our products. Please join us in the learning experience! If you are unable to attend a specific webinar, you can access the recorded session in the archive below.
2013 Tips & Tricks Schedule
Date | Title | Presenter
May 28th | Active Defense: Basic overview of how to use it, how it works | Systems Engineer, Jim Richards
June 4th | Responder Pro: Understanding “Normal Windows” | Senior Systems Engineer, Kris Gabor
June 11th | Active Defense: Effective permission settings | Systems Engineer, Garrett Hamilton
June 25th | Active Defense: Finding dynamically named malware modules based on location, size, DDNA range, loading processes | Senior Systems Engineer, Kris Gabor
July 9th | Active Defense: Common Status Codes & Fixes | Senior Systems Engineer, Kris Gabor
July 23rd | Active Defense: Reporting for network connection | Systems Engineer, Jim Richards
August 6th | Responder Pro: Where to Start, Malware: The Clear Indicators | Systems Engineer, Garrett Hamilton
August 20th | Active Defense: Correlating modules with processes, paths, attributes | Systems Engineer, Garrett Hamilton
September 3rd | Active Defense: Making sure users update agent version | Senior Systems Engineer, Kris Gabor
September 17th | Active Defense: reporting for network connection | Systems Engineer, Jim Richards
October 1st | Responder Pro: “The Starting Point” Windows Memory Analysis: Finding API Manipulation | Systems Engineer, Garrett Hamilton
October 15th | Active Defense: Finding specific memory mods | Systems Engineer, Jim Richards
October 29th | Responder Pro: Understanding Malware Strategies: On the Malware Level | Senior Systems Engineer, Kris Gabor
November 12th | Active Defense: Analysis of data filtering | Systems Engineer, Jim Richards
Tips & Tricks Archive
Active Defense Agent Deployment Planning
HBGary Systems Engineer Jim Richards hosts a webinar about Active Defense Agent Deployment Planning. In this webinar, Jim covers all the salient points to consider when deploying an agent. HBGary Active Defense provides host-level detection and intelligence critical to protecting your data. Active Defense monitors host physical memory, raw disk, and live operating systems across the enterprise, and provides an unprecedented view of host-level threats. Once a potential threat is detected, Active Defense executes enterprise-wide, scalable host-level scans for breach indicators. To view this recorded webinar, please click here.
Automating Malware Analysis with REcon and Responder
HBGary Systems Engineer Garrett Hamilton-Conaty will provide some quick tips on how HBGary’s REcon technology, when used in conjunction with HBGary’s Responder Professional (the de facto standard for physical memory forensics and malware analysis), automates malware analysis. REcon records and graphs malware behavior at run-time so organizations can extract critical data from unknown executables. REcon allows organizations to recover actionable intelligence from the malware targeting their networks. To view this recorded webinar, please click here.
DDNA Traits Analysis -- High Risk Trait Combinations
HBGary Senior Systems Engineer Kris Gabor will provide some quick tips on HBGary’s Digital DNA (DDNA) trait analysis. DDNA is available with all of HBGary’s products, and allows incident response, forensics, or IT security personnel to quickly identify potentially malicious software running on computer systems. Rather than use signatures, DDNA analyzes the coding traits and behaviors of all software running in physical memory. Kris will review common DDNA trait types, and how they can be used to quickly identify suspicious software. To view this recorded webinar, please click here.
Active Defense: Gather registry hives, event logs, tasks with scan policies.
HBGary Systems Engineer Garrett Hamilton-Conaty will provide some quick tips on how to create top Active Defense scan policies for OS, PhysMem and Raw Disk. Active Defense has made it easier than ever to scan the multiple facets of any Windows machine, providing unmatched visibility into a machine's Raw Disk, Live operating system and Physical memory. Garrett will provide the top scan policies that will allow you to harden your environment, thereby making it costly for attackers to persist in your environment. To view this recorded webinar, please click here.
Responder Pro: Capturing Memory Images using FastDump Pro
HBGary Senior Systems Engineer Kris Gabor will talk about the first step of memory analysis: capturing a memory dump. He will review HBGary’s FastDump Pro tool and discuss the different modes in which memory can be captured, such as physical memory only, or both physical memory and the page file. To view this recorded webinar, please click here.
Responder Pro: Working with Canvas
HBGary Systems Engineer Garrett Hamilton-Conaty will provide some quick tips on using the Canvas feature in Responder Pro. Responder Pro offers the user a unique visual interpretation of a target binary's control flow. This functionality, known as the “Canvas View”, highlights key data structures and API calls, enabling quick, efficient capability analysis. With Canvas, users can spend more of their time analyzing malware and less time crunching line after line of assembly code. To view this recorded webinar, please click here.
Active Defense: Gather registry hives, event logs, tasks with scan policies.
HBGary Senior Systems Engineer Kris Gabor will provide a deep dive into Active Defense, and review the Scan Policies feature and its ability to gather various types of artifacts from the physical memory, hard drive, or operating system of a target endpoint system. In particular, we will look at how Scan Policies can be used to retrieve information about individual Windows services that are running on a given endpoint. To view this recorded webinar, please click here.
Active Defense: Reporting for file information, attributes & metadata
HBGary Systems Engineer Jim Richards will demonstrate how to locate suspicious files on the host file system using the Volume Map feature. Jim will then turn specific file attributes such as Last Accessed Time and file size into actionable threat intelligence for use in a Scan Policy to search the enterprise for other compromised systems. To view this recorded webinar, please click here.
Active Defense: Report Query for Rootkits
HBGary Systems Engineer Garrett Hamilton-Conaty will demonstrate how Active Defense’s use of HBGary’s DDNA technology allows the user to quickly identify rootkits across the enterprise by querying for key rootkit features and functions. To view this recorded webinar, please click here.
Responder Pro: Filter Plugin
HBGary Systems Engineer Richards will demonstrate how to acquire and use the Filter Plugin, now available for Responder Pro. In the Digital DNA tab, the filter plugin allows the user to add modules to a filter list, giving the user the ability to remove modules from view. The user can quickly and easily import and export filters in an effort to make physical memory analysis faster and more efficient.
To view this recorded webinar, please click here.
Responder Pro: Script Tips
This webinar session will provide an overview of how to get started creating plug-ins for HBGary Responder. Senior Systems Engineer, Kris Gabor, will provide a general introduction and discuss some examples, and then do a demo. For the demo, Product Manager Frank Blackmore will provide a live walkthrough of setting up a Visual Studio project for Responder plug-in creation.
To view this recorded webinar, please click here.
Digital DNA 2.0 vs Digital DNA 3.0: What's New?
Just as the threat actors themselves have evolved, so must the technology used to detect and defend against such threats. HBGary first developed Digital DNA, a revolutionary technology to detect advanced cyberthreats within physical memory without relying on the Windows operating system, with this principle in mind. In this webinar, Systems Engineer Garrett Hamilton will provide an overview of the next-generation version of Digital DNA, Digital DNA 3.0, which offers several new unique features built into this proven technology that simplify the process of responding to incidents and perform memory forensic analysis in a timely manner. To view this recorded webinar, please click here.
Active Defense: Deploying to XP and Windows 2003 System
Deploying the Active Defense agent to Windows XP systems might not be as straightforward as one would think. There are several special considerations that must be addressed when planning deployment to Windows XP systems. Join Jim Richards for the important time-saving tips and tricks to learn how to prepare Windows XP systems for DDNA agent deployment.
To view this recorded webinar, please click here.
Active Defense: Find all instances of static filename
Overview and demonstration of how to use the reporting features of Active Defense for rapid searching of the database. Examples will range from simple searches for open files, network connections, memory modules, and unwanted programs – up to more complex searching for multiple malware indicators. Searches such as these allow incident responders to quickly extract relevant information from the comprehensive data set harvested by the Active Defense agent from the physical memory of the endpoint.
To view this recorded webinar, please click here.
Active Defense: Effective use of the Volume Maps
In this Tips and Tricks session, Jim Richards, Systems Engineer, will demonstrate how to effectively use Volume Maps to view and collect important files and artifacts from a managed endpoint. Volume Maps provide a Windows Explorer-like view for file system browsing and analysis, and are an essential tool for performing incident response and collecting valuable forensic data.
To view this recorded webinar, please click here.
Active Defense: Agent Management: Methods for Agent Removal
During the webinar session “Active Defense: How to deal with non-deleting Agents”, HBGary Senior Systems Engineer Keith Weisman will cover operational considerations of the HBGary agent. Specific examples will be provided on methods for agent removal. Furthermore, we will be discussing the new flat licensing structure and how this affects agent licensing.
To view this recorded webinar, please click here.