Alfie Champion

Alfie is a founder of and specialises in the delivery of attack detection and adversary emulation services. He actively contributes educational content, tooling and blogs to further the industry. He has previously worked with organisations across multiple industry verticals to uplift and validate their detective capability through red or purple team engagements, and now leads the global adversary emulation function at a FTSE 250 company. He has previously spoken at BlackHat, DEF CON, RSA and Blue Team Con.


Email Detection Engineering and Threat Hunting
Josh Kamdjou, Alfie Champion

Email remains the #1 initial access vector for commodity malware and nation state actors. Historically, tackling email-based threats has been considered the purview of black-box vendor solutions, with defenders having limited scope (or tooling!) to swiftly and effectively respond to novel offensive tradecraft.

In this training, attendees will be given detailed insight into the latest techniques used to deliver prevalent malware strains, including QakBot and Emotet, and will hunt through email data to identify this malicious activity, developing rules to detect and block these attacks.

Initially attendees will be introduced to the foundational technologies that enable threat hunting and detection engineering in the email domain, before being given access to the email data of a fictitious company seeded with benign and real-world attack data.

Attendees will be guided through the rule creation process, utilizing free and open detection engines including Sublime and Yara, and will be introduced to the signals that can be used to craft high-fidelity rules, including sentiment analysis, domain age, and attachment analysis. Having completed the training, attendees will have a strong understanding of the tools and techniques at their disposal to defend their organizations from all manor of email threats.

Workshop Room 5