Next Meeting Thursday, October 8th, 2020 from 6:00 PM to 8:00 PM (Eastern)

The CI-ISSA chapter meetings will go on as planned this month. Registered attendees will receive Zoom meeting details the day of the event. Going Remote!

Concerned about Zoom’s security and privacy? Watch the SANS On Demand Webcast: sans.org/u/11LS

First Presentation: Intel Briefing – 2020 DFIR Case Studies

Speakers: Max Henderson & Greg Bursic – Pondurance

Abstract:

Ransomware attacks have been devastating to the private sector, and now they are even exfiltrating sensitive data to purposely cause a data breach and further extort the victim. The Pondurance DFIR team has responded to countless ransomware attacks in recent years and has developed a total war strategy for taking back control of a network. In this presentation our analysts will discuss some of the common tactics of Ransomware threat actors seen in the latest attacks and how we combat them to contain, eradicate and recover back to a state of normalcy.

Speaker Bios:

Max Henderson

Max holds the position of Incident Response Lead and Senior Security Analyst. Max has been with Pondurance for nearly five years, with primary focuses on Threat Hunting and Response as well as Digital Forensics and Incident Response. Among many scenarios, Max has served as the Lead Investigator for a variety of advanced compromises of multi-billion dollar organizations ranging from total network, cloud and Active Directory compromises to complex social engineering schemes stemming from well-funded adversaries. Max excels at Memory Forensics, Disk Forensics, and Network Forensics. In addition to his forensics capabilities, Max contributes to the underlying schematics and strategies behind Pondurance’s Threat Hunting and Response platform and serves as a top escalation point for the SOC. Max possesses a Bachelor of Science (BS) degree in Computer Criminology with a focus on Digital Forensics from Florida State University.

Greg Bursic

As a Security Analyst at Pondurance, Greg has had the opportunity to grow and learn from highly skilled professionals. Early exposure to DFIR has quickly led him to serve as Lead Investigator for multiple cases ranging from advanced persistent threats to well-funded adversaries. This experience built his expertise in Forensics, Malware analysis and EDR management. Within the SOC, Greg continuously improves on Threat Hunting capabilities by building queries based on the TTPs and IOCs observed during engagements or from conducting research.

Second Presentation: DevOps, Automation, and Data Processing for Infosec Teams

Speaker: Rush Vyas, Pondurance

Abstract:

This presentation focuses on utilizing some of the DevOps tools, automation tools, and data processing frameworks for information security purposes. The goal of this presentation is to introduce infosec people to tools and frameworks that can help reduce repetitive work and help with the automation of data processing/analysis. We will look at things such as automating C2 deployment, building an AD lab for offensive/defensive testing, automating recon, malware analysis, forensic data processing, and more!

Speaker Bio:

Rushabh is a Security Analyst at Pondurance, where he does threat research, malware analysis, alert management, digital forensics & incident response, and tool development.