Level: Low Tech

Abstract:

In this talk, we delve into the world of Digital Forensics and Incident Response (DFIR). We will cover the basics, such as the process and terminology, and examine four distinct incidents. For each incident, I will explain the ‘what’ and ‘how’ of the attack, the lessons learned, and the often overlooked human aspect of incident response.

Business Email Compromise (BEC) Incident: We’ll explore a case where an adversary exploited a user and maintained persistence for a month to extract money.

Ransomware Incident: We’ll examine a company’s third ransomware incident within a span of 2 years, in which the victim attempted to pay the ransom. We’ll discuss what went wrong during the recovery process.

Wiper Incident: We’ll delve into a rare hacktivism attack where 95% of the victim’s infrastructure and data, including backups and logs, were deleted.

Failed Attempt: Sometimes, attackers have bad days too. We’ll look at an incident where the attackers gained access to the company’s infrastructure but failed to deploy or exfiltrate anything.

By sharing my experiences, I hope to equip attendees with the knowledge to stay proactive against cyber attacks and, in the event of an incident, respond more effectively.

Bio:

Dénes Fodor – with over ten years of experience in cybersecurity and systems engineering, I work as a CSIRT Manager and IT Security Researcher at White Hat IT Security. In my free time, I always try to learn something new, fight with RE/PWN CTF challenges, and keep up with the latest cyber threats.
