2024-10-05, Track 1
VPNs, intended to provide secure access, are a prime target for advanced attacks. This talk arms DFIR practitioners with essential techniques for analyzing intrusions where VPN access was the initial entry point. Attendees will gain a deeper understanding of how threat actors exploit VPN vulnerabilities, bypass authentication mechanisms, and deploy malware. We will dive into real-world case studies, noting actionable indicators of compromise (IOCs) specific to VPN-related attacks, focusing on unusual network traffic patterns, privileged account abuse, and persistence techniques. Attendees will leave with actionable insights for improving incident response processes, developing threat intelligence, and proactively hardening VPN defenses.
Fernando Tomlinson is a Technical Manager for Digital Forensics and Incident Response at Mandiant/Google Cloud. Prior to that, he served in the U.S. Army, where he retired as a Cyber Warrant Officer. While serving, he was the Senior Technical Advisor for forensics and malware analysis at the U.S. Army Cyber Command, responsible for the defensive actions of all U.S. Army systems. He also served as a Technical Director of a Cyber Operations Center and has led multi-level Digital Forensics and Incident Response and threat hunting teams. Additionally, he is an Adjunct Professor at the University of Arizona and enjoys contributing to the community.