As a lead Mandiant Incident Responder for three years, I've worked countless high-profile investigations. Attackers frequently change their tactics once they discover that they have been identified. They also leverage new technologies that traditional security solutions do not account for.
With this in mind, I selected nine talks on real-world incident response and technical analysis for today's breaches. The talks offer a healthy mix between real-world IR experience, research, and techniques that defenders can use immediately.
Day one includes a talk from Brandon Sherman of Intuit on the challenges of performing cloud forensics in Amazon's AWS environment. FireEye analysts Barry Vengerik and Emmanuel Jean-Georges will present insights into healthcare breaches and the attack groups who focus on them. Microsoft security data analysts Ram Shankar Siva Kumar and Peter Cap will focus on new visualization analysis techniques for IR scenarios. The day will wrap up with Marshall Heilmann and Evan Pena, two Mandiant red-team analysts, discussing their experience simulating advanced intrusions to accelerate the capabilities of responders and harden their environments.
Day two begins with a focus on modern code injection techniques by Udi Yavo from enSilo. Mandiant IR analysts Matt Bromiley and Jacob Christie investigate how to get the most evidence out of Microsoft SQL Server compromises. Next, Ronnie Tokazowski from PhishMe will turn the tables by using intrusion and reconnaissance techniques against the attackers themselves. DomainTools' Tim Helming will present research on tracking malicious actors through TLD registrations, including examples from major public breaches. Finally, Mandiant analysts Matthew Dunwoody and Nick Carr will close the day by sharing their struggles and victories from one of Mandiant's most demanding investigations of the year.
This year’s Incident Response track is filled with a wide range of seasoned responders focused on delivering new and compelling research, techniques, and experiences. Register for the Cyber Security Defense Summit here.