--[ Learning From the Mistakes of Others: Incident Response Edition
--[ presenter ]--[ Luke Pearson
--[ scheduled ]--[
Presenter
$ getent passwd lpearson
.
├─── name: Luke Pearson
├──── org: Salesforce
└─ social:
   └─ linkedin: in/Luke-Pearson-infosec/
Experience
I'm passionate about digital forensics and incident response (DFIR) and helping others get better in the same. I've been a dedicated DFIR practitioner for the last 6 years, and have worked over 50 breach response engagements in that time. I have experience working with law enforcement, government, emergency services and military organisations, doing incident response and training members of these organisations in the same.
Abstract
"... learning by the mistakes of others is a far simpler and less expensive process than making them all yourself." - American Machinist, 1920. Despite being over 100 years old, this quote is still relevant to businesses trying to maintain their security today. So let's learn from others' mistakes! Join me on a journey through the compromise of a fictitious company, from initial access all the way through to mission complete. We'll take stops along the way to zoom in on how the attacker did what they did, and discuss what the victim could have done to prevent these actions from being successful. We'll also talk about steps the victim could have taken to make their environment more “investigation ready”, and highlight that because these steps were not taken, the investigation was not conclusive. Being derived from real-world incident response engagements, you'll literally be learning from the mistakes of others. None of these recommendations are new or exciting, but it's my genuine hope that by showcasing them in the context of an active breach, their value will shine, and you'll take these lessons back to work and implement them tomorrow!