Robert Wilson
Robert Wilson is the Director of Security Operations at the University of South Carolina. He has worked in IT since 1995 in both the public and private sector. In his current role he oversees incident response for the University of South Carolina system in addition to helping future cybersecurity professionals be successful in their careers. He lives outside Lexington, SC with his family.
frcolumba
Preferred Social Media –X/Twitter
Session
Like most large organizations, the University of South Carolina is under constant attack from adversaries. In particular universities deal with a lot of credential theft attacks that lead to internal phishing. Over the last year we've been tracking a threat actor whose TTPs include the use of residential proxies to bypass geography based conditional access. Little did we know that one of our incidents would lead us to investigate a door controller on campus that participated in a proxy network for profit! We'll talk you through both the threat actor tracking, the cat and mouse with the attackers, and the details of the IoT compromise. The talk touches on doing cloud based forensics for identity, clustering threat actor techniques for tracking, and an IoT forensics case which had us "hacking" our own device.