NEW SANS Stay Sharp Training - Live Online: Quickly sharpen your skills with 2-day management courses. Save 25% thru tomorrow!

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

SANS Data Incident 2020 - Technical Details Webcast

  • Tuesday, August 18, 2020 at 12:30 PM EDT (2020-08-18 16:30:00 UTC)
  • Mike Pilkington, Lance Spitzner, Rob Lee

You can now attend the webcast using your mobile device!

  

Overview

On August 6th, as part of a systematic review of email configuration and rules we identified a suspicious forwarding rule and initiated our incident response process. This rule was found to have forwarded a number of emails from a specific individual's e-mail account to a suspicious external email address. SANS focuses on teaching and sharing with the community. We also learn through experience and not everything can be learned in a classroom. We will share what we learned about the incident to the community in an effort to use the experience as a teaching moment for all. 

This webcast will walk through the technical details of the incident, how it happened, our investigation details, current indicators of compromises, and finally our overall lessons learned and security awareness recommendations to prevent these incidents in the future. 

Speaker Bios

Mike Pilkington

Mike Pilkington is a Senior Security Consultant for a Fortune 500 company in the oil & gas industry. He has been an IT professional since graduating in 1996 from the University of Texas with a B.S. in Mechanical Engineering. Since joining his company in 1997, he has been involved in software quality assurance, systems administration, network administration, and information security. Outside of his normal work schedule, Mike has also been involved with the SANS Institute as an instructor in the Digital Forensics and Incident Response program.


Lance Spitzner

Lance Spitzner has over 20 years of security experience in cyber threat research, awareness and training. He invented the concept of honeynets, founded the Honeynet Project and published three security books. Lance has worked and consulted in over 25 countries and helped over 350 organizations plan, maintain and measure their security awareness programs. In addition, Lance is a member of the Board of Directors for the National Cyber Security Alliance, frequent presenter, serial tweeter (@lspitzner) and works on numerous community security projects. Before working in information security, Mr. Spitzner served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois.


Rob Lee

Rob Lee is the curriculum lead and author for digital forensic and incident response training at the SANS Institute. With more than 15 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention and incident response, he provides consulting services in the Washington, D.C. area. Before starting his own business, Rob worked with government agencies in the law enforcement, defense and intelligence communities as a lead for vulnerability discovery and exploit development teams, a cyber forensics branch, and a computer forensic and security software development team. He also worked for a leading incident response service provider and co-authored Know Your Enemy: Learning About Security Threats, 2nd Edition.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.