Incident Response w/ Phil Kealy of Mandiant

  • 1871 322 West Merchandise Mart Plaza Chicago, IL, 60654 United States

Abstract:

Evolve Security Academy is fortunate to have Phil Kealy from Mandiant come in to discuss the incident response process through real-life, practical examples.

Scenario:

You are a cyber defender and see an interesting alert on your SIEM. You obtain live response data to investigate properly and must now determine whether an advanced attacker has breached the host.

Spoilers:

The SIEM alert was related to a dynamic DNS domain. During timeline analysis, the analyst located additional suspicious domains and files. The attacker delivered the initial payload through a weaponized PDF document. After the initial compromise, the attacker timestomped files, created registry keys to maintain persistence, and dumped credentials.

Come by our event and learn the perfect response to handle security incidents.