DFIR Prague Summit & Training 2017

Prague, Czech Republic | Mon, Oct 2 - Sun, Oct 8, 2017
This event is over, but there are more training opportunities.

Lazarus APT vs The Banking Sector; Combining CTI & DFIR to Investigate APT Intrusions

  • Jess Garcia
  • Tuesday, October 3rd, 7:00pm - 8:00pm

"In 2016 the Lazarus APT Group, recently tied to the North Korean government, heavily targeted the banking sector worldwide. Nearly $100M was stolen from the Bank of Bangladesh (which was very close to becoming $1B), and several others followed. At the end of 2016 the Polish and Mexican banking sectors were targeted, only to be discovered 4 months later. Extensive Cyber Threat Intelligence (CTI) was published in Open and Closed Sources about these incidents, allowing Incident Responders in the affected organizations to properly address the Threat, illustrating the key role that CTI plays in DFIR today.

In this talk Jess Garcia, who was fighting some of these incidents in the trenches with his team at One eSecurity, will show you how to combine Cyber Threat Intelligence, Forensics and Malware Analysis to carry out an effective Incident Response in the context of an APT Incident."


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.

Monday, October 2

Session | Speaker | Time | Type
Phil's Tap House | Philip Hagen | Monday, October 2nd, 6:00pm - 7:00pm | SANS@Night

Tuesday, October 3

Session | Speaker | Time | Type
iOS Forensics: Where Are We Now; And What Are We Missing? | Mattia Epifani | Tuesday, October 3rd, 6:00pm - 7:00pm | SANS@Night
Lazarus APT vs The Banking Sector; Combining CTI & DFIR to Investigate APT Intrusions | Jess Garcia | Tuesday, October 3rd, 7:00pm - 8:00pm | SANS@Night