ch33r10 / DEFCON30-BTV-TheDFIRReportHomecomingParadePanel

BTV PANEL FOR D3FC0N HACKER HOMECOMING https://dc30.blueteamvillage.org/call-for-content-2022/talk/SWJTX9/


ABSTRACT

Follow along as we take the D3FC0N Hacker Homecoming theme to the next level with a DFIR Report Homecoming Parade. The panel will provide additional context to various DFIR Reports released in the past year. Pick up some tips and tricks to up your game!

  • YouTube Video - TBD

  • 🎲INSTRUCTIONS

    The DFIR Report Homecoming Parade will not discuss business-as-usual (BAU) CTI actions, such as searching the logs for hits on the IOCs or entering the IOCs into a Threat Intelligence Platform (TIP) or other alerting platform. Instead, the participants will focus on pivoting, TTPs, and how they would take the contents of the various DFIR Reports to the NEXT LEVEL! When the Panelists respond to the DFIR Reports, they are operating under the assumption that they have already performed the preliminary analysis and deemed the threat report relevant to their environment. The purpose of this assumption is to reduce debate over whether or not something is relevant and get to the part of the analysis that involves extracting actionable takeaways. 🤜💥🤛

    📰THREAT REPORTS

    • THE DFIR REPORT - IcedID to XingLocker Ransomware in 24 hours - Link
      • Demystifying the “SVCHOST.EXE” Process and Its Command Line Options by @nas_bench - Link
      • Hang Fire: Challenging our Mental Model of Initial Access by Matt Hand at SpecterOps - Link
    • THE DFIR REPORT - SEO Poisoning – A Gootloader Story - Link
      • Capability Abstraction by Jared Atkinson at SpecterOps - Link
    • THE DFIR REPORT - 2021 Year In Review - Link
    • THE DFIR REPORT - Qbot Likes to Move It, Move It - Link
      • Where to begin? Prioritizing ATT&CK Techniques by Jon Baker of MITRE Engenuity - Link
      • THE DFIR REPORT - Cobalt Strike, a Defender’s Guide - Link

    🕹️PANELISTS

    JAMIE WILLIAMS @jamieantisocial

    Jamie is an adversary emulation engineer for The MITRE Corporation where he works with amazing people on various exciting efforts involving security operations and research, mostly focused on adversary emulation and behavior-based detections. He leads the development of MITRE ATT&CK® for Enterprise and has also led teams that help shape and deliver the “adversary-touch” within MITRE Engenuity ATT&CK Evaluations as well as the Center for Threat-Informed Defense (CTID).

    JUSTIN ELZE @HackingLZ

    Justin is currently serving as CTO/Hacker at TrustedSec and possesses a background in red teaming, pentesting, and offensive research.

    KOSTAS @Kostastsale

    Kostas is a security researcher with many years of experience in the field. Coming from a technical background in incident response, he specializes in intrusion analysis and threat hunting. Kostas devotes most of his spare time to supporting the information security community by producing free threat intelligence reports as part of the DFIRReport effort, of which he is a member.

    NASREDDINE BENCHERCHALI @nas_bench

    Avid learner, passionate about all things detection, malware, DFIR, and threat hunting.

    NICKLAS KEIJSER @icsnick

    Nicklas works as a Threat Research Analyst at the company Truesec, based in Stockholm, Sweden. There he splits his time between picking apart malware from threat actors and serving as a subject matter expert in Industrial Control Systems. He is also an analyst contributor to The DFIR Report.

    Dr. XENA OLSEN, @Ch33r10

    Dr. Xena Olsen is a Senior Manager - Cyber Threat Intelligence at a Fortune 100 Company. She is a graduate of SANS Women’s Academy with eight GIAC certifications, an MBA in IT management, and has a doctorate in Cybersecurity from Marymount University.

    💎THANK YOU💎

      Thank you to BlueTeamVillage for hosting us, D3FC0N, the participants, and the people that provided the Threat Reports, Security Research and More that made this panel possible! <3

    FOR THE LAWYERS
    "The opinions expressed in this Github repo are those of the individual account, in their individual capacity, and not necessarily those of the employers. Mention of any vendors, services, products, or otherwise does not endorse them as a vendor. This content and any related discussions are solely the views, opinions, and experiences of the participants and should not be presumed to reflect the opinion or the official position of any employers of the participants. Examples and views provided herein, including strategies, goals, targets, and indicators are for illustrative purposes only and should not be regarded as representative of the participants' employers or respective portfolios. To the extent that this participation, discussion, and interview outlines a general technology direction, the participants' employers have no obligation to pursue any such approach or to develop or use any functionality mentioned herein. Any suggested technology strategy or possible future developments are subject to change at the employers' sole discretion without notice. Content in this presentation is the intellectual property of the applicable creators and may be protected under the copyright laws of the United States and/or other countries. All trademarks are the property of their respective owners and are used for informational purposes only."


    License: MIT License