N’dia Thomas
N'dia Thomas is a Senior Security Analyst at the University of South Carolina where she works as an incident handler and threat hunter. Prior to USC, N'dia worked at Calyptix Security as a cybersecurity threat analyst, helping create and maintain threat feeds. She has a Masters in Computer Science from Georgia Tech (OMSCS).
imnotacountry
Preferred Social Media –X/Twitter
Session
Like most large organizations, the University of South Carolina is under constant attack from adversaries. In particular universities deal with a lot of credential theft attacks that lead to internal phishing. Over the last year we've been tracking a threat actor whose TTPs include the use of residential proxies to bypass geography based conditional access. Little did we know that one of our incidents would lead us to investigate a door controller on campus that participated in a proxy network for profit! We'll talk you through both the threat actor tracking, the cat and mouse with the attackers, and the details of the IoT compromise. The talk touches on doing cloud based forensics for identity, clustering threat actor techniques for tracking, and an IoT forensics case which had us "hacking" our own device.