BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//conference.c3w.at//bsidesvienna-0x7ea//DWXGGT
BEGIN:VTIMEZONE
TZID:Europe/Vienna
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T020000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7ea-FHQ7JH@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20260627T171000
DTEND;TZID=Europe/Vienna:20260627T181000
DESCRIPTION:In this talk\, we walk through a real intrusion observed in an 
 EDR-monitored enterprise environment. The case did not start with a major 
 incident or a flood of alerts. It began with two ambiguous notifications i
 n the Defender portal that the customer could not immediately classify. Wh
 at looked like a minor signal turned into a live hunt: an operator attempt
 ing fileless execution\, interacting with endpoint controls\, trying to di
 sable or bypass defenses\, and carefully pivoting through the network.
DTSTAMP:20260702T214155Z
LOCATION:Mittlerer Saal (Track 1)
SUMMARY:Zero Files\, Zero Noise: Checkmate in Three. - Jonas Plitt
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7ea/talk/FHQ7JH/
END:VEVENT
END:VCALENDAR
