SlideShare feed for Slideshows by User: MatthewDunwoody1 / Tue, 27 Sep 2016 02:18:45 GMT

No Easy Breach DerbyCon 2016 /slideshow/no-easy-breach-derby-con-2016/66447908
Every IR presents unique challenges. But when an attacker uses PowerShell, WMI, Kerberos attacks, novel persistence mechanisms, seemingly unlimited C2 infrastructure and half-a-dozen rapidly-evolving malware families across a 100k node network to compromise the environment at a rate of 10 systems per day, the cumulative challenges can become overwhelming. This talk will showcase the obstacles overcome during one of the largest and most advanced breaches Mandiant has ever responded to, the novel investigative techniques employed, and the lessons learned that allowed us to help remediate it. It details a massive intrusion by Russian APT29 (AKA CozyDuke, Cozy Bear).

No Easy Breach DerbyCon 2016 from Matthew Dunwoody