BSidesAugusta 2023

You Ruined My Christmas, So I Ruined Your New Year: Dealing with a Nation-State Scrooge
2023-10-07 , Track 5

As many in the security industry are all too well aware, malicious cyber actors often like to target victims when they may be asleep at the wheel or enjoying some time away from the keyboard: think Friday night mass exploitation parties, or playing the role of the Grinch on Christmas. But what do you do when the gift you wake up to on Christmas morning turns out to be a years-old intrusion by a stealthy nation-state threat group? Sometimes the answer is to play the game by their rules. This talk will examine just such a case, in which Rapid7's Managed Detection & Response and Incident Response services uncovered, and subsequently eradicated, an advanced Chinese threat actor from a customer network by turning the adversary's playbook on its head.

Lonnie Best has spent over 12 years in security, with his introduction to the field working physical security at a commercial nuclear power generating plant, and the last 6 of those years helping organizations detect and respond to security incidents as part of Rapid7's Managed Detection and Response (MDR) practice. His experience during that time is wide-ranging, including everything from responding to low-impact commodity malware, to working large-scale Incident Response engagements against advanced cyber criminal and nation state threat actors. Currently, Lonnie leads a team of world-class threat analysts in Rapid7 MDR's flagship Security Operations Center in Arlington, Virginia, and is helping to evolve traditional MDR service capabilities to extend into the realm of ICS/OT cybersecurity.

Lonnie recently ended his military career after serving over 11 years as a Signal Officer in the Army National Guard. His assignments included Platoon Leader and Executive Officer of a Brigade Engineer Battalion Signal Company; S6 for a Brigade Support Battalion; Company Commander of a Network Support Company; Brigade Information Systems Engineer for a Maneuver Enhancement Brigade; and, during the final two years of his service, Information Operations Planner within the 91st Cyber Brigade, where he helped plan and coordinate several major Critical Infrastructure cyber exercises.