BSides Tallinn 2024

Managing Cybersecurity Incidents: A Journey through cause, effect, and response
2024-09-19, Stage 2

In this talk, we delve into the world of Digital Forensics and Incident Response (DFIR). We will cover the basics, such as the process and terminology, and examine four distinct incidents. For each incident, I will explain the ‘what’ and ‘how’ of the attack, the lessons learned, and the often overlooked human aspect of incident response.

Business Email Compromise (BEC) Incident: We’ll explore a case where an adversary exploited a user and maintained persistence for a month to extract money.

Ransomware Incident: We’ll examine a company’s third ransomware incident, all of which happened within a span of 2 years, where the victim attempted to pay the ransom. We’ll discuss what went wrong during the recovery process.

Wiper Incident: We’ll delve into a rare hacktivism attack where 95% of the victim’s infrastructure and data, including backups and logs, were deleted.

Failed Attempt: Sometimes, attackers have bad days too. We’ll look at an incident where the attackers gained access to the company’s infrastructure but failed to deploy or exfiltrate anything.

By sharing my experiences, I hope to equip attendees with the knowledge to stay proactive against cyber attacks and, in the event of an incident, to respond more effectively.

See also: Presentation (2.0 MB)

With over ten years of experience in IT security and systems engineering, I am a passionate and versatile CSIRT Manager / IT Security Researcher at White Hat IT Security, a leading company in defensive and offensive security. I enjoy collaborating with my team and other IT professionals, and I always strive to learn new skills and technologies. I spend most of my free time tackling RE and PWN challenges, conducting malware research, and, as a big fan of information sharing, writing blog posts on a monthly basis.