Peeter Marvet
Peeter wanted to become a scientist when everybody else wanted to be firefighters and policemen. That was at the end of kindergarten. His previous positions were strategy and web development in a digital advertising agency, resident hacker at large web hosting provider and security evangelist in company building e-commerce experiences for major brands.
Currently intel analyst in C3EE, spending free time sailing and participating in marine SAR - so basically police & firefighting, but also working with people having fancy titles like data scientist.
Sessions
Security-related tools tend to be dual use, habit of editing URI bar to navigate a website may have surprising results and reporting a vulnerability while hinting a bounty sounds like ransom note.
Sounds like introspection of a security researchers? Could be also cybercriminal building their alibi. Or cybercrime police trying to tell the two apart. I'll talk about intel gathering, investigation and prosecution as process, explaining where we try to draw the line between good and evil - and how to make everybody's life easier by really appearing on the side of line you have chosen, illustrated by real life cases that can be discussed at the time of presentation.
Estonian web blue team has evolved Locked Shield defence and threat hunting toolkit over past 4 years and a lot of it could - and should - be used also in real life.
We'll run through the scenario of dockerising whatever webapps, secure configurations, WAF tricks and easy ways to make your logs usable. All templates - sidecar containers, configurations, etc - will be public, docker-savvy participants can follow our scenario on their own computers and the rest gets chance to interact with sample application and navigate through the resulting logs in real time.