BSidesAugusta 2024

The call is coming from inside the house - how an identity attack led to a wild IoT chase
2024-10-05, Track 3

Like most large organizations, the University of South Carolina is under constant attack from adversaries. In particular, universities deal with a lot of credential theft attacks that lead to internal phishing. Over the last year we've been tracking a threat actor whose TTPs include the use of residential proxies to bypass geography-based conditional access. Little did we know that one of our incidents would lead us to investigate a door controller on campus that participated in a proxy network for profit! We'll talk you through the threat actor tracking, the cat and mouse with the attackers, and the details of the IoT compromise. The talk touches on doing cloud-based forensics for identity, clustering threat actor techniques for tracking, and an IoT forensics case which had us "hacking" our own device.

Robert Wilson is the Director of Security Operations at the University of South Carolina. He has worked in IT since 1995 in both the public and private sector. In his current role he oversees incident response for the University of South Carolina system in addition to helping future cybersecurity professionals be successful in their careers. He lives outside Lexington, SC with his family.

N'dia Thomas is a Senior Security Analyst at the University of South Carolina, where she works as an incident handler and threat hunter. Prior to USC, N'dia worked at Calyptix Security as a cybersecurity threat analyst, helping create and maintain threat feeds. She has a Master's in Computer Science from Georgia Tech (OMSCS).