SANS Offensive Operations West 2021 features 10+ Live Online courses, Core NetWars, and Coin-A-Palooza! Register now.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Business Email Compromise & Office 365: Making Sense of All the Noise

  • Tuesday, July 17, 2018 at 9:00 AM EST (2018-07-17 13:00:00 UTC)
  • Matt Bromiley

You can now attend the webcast using your mobile device!



Office 365, or O365, has made online applications easier for businesses of all sizes. Its also created a significant attack vector that attackers have been exploiting for years to the tune of BILLIONS a year. Business Email Compromise, or BEC, is the name given to these types of email-based attacks that have cost businesses over $12 billion, and show little sign of slowing down. Its time we turn the tables.

In this webcast, we will examine how and why O365 has become such a successful attack vector. Specifically, we are going to examine examples of spoofed and fraudulent emails and how the attackers work to understand the flow of money within your organization. We will also going to look at attacker infrastructure and examine sample code that they use to pilfer credentials from your organization.

We are not stopping there we will also talk about how you can defend yourself against these attacks. We've got a brand new tool to release for O365 log analysis - OLAF. We will also talk about what you can do inside O365 RIGHT NOW to protect yourselves against these types of attacks.

Join us for a packed session of attacker tactics, log analysis, defensive mechanisms, and more!

Speaker Bio

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response (IR) instructor, teaching FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. He is also an IR consultant at a global IR and forensic analysis company, combining experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.