Agenda | Monday, August 15, 2022
9:45 - 10:00 AM CT
Welcome & Opening Remarks
Domenica "Lee" Crognale, Certified Instructor, SANS Institute
10:00 - 10:40 AM CT
[Air]Tag You're It!
This session examines the location artifacts generated by Apple's AirTag, iOS, and macOS devices within the FindMy application. With Apple's release of the AirTag and a market share that gives it a huge network of devices for the FindMy environment, more and more devices need to be located quickly in cases. This presentation will cover how to quickly identify these FindMy artifacts using Magnet AXIOM to track AirTag, iOS, and macOS devices, as well as their last known location, from only a single piece of evidence.
Chris Vance, Senior Technical Forensics Consultant, Magnet Forensics
10:45 - 11:25 AM CT
Cybersecurity Incident Response Best Practices
66% of IT managers said they were hit by a ransomware attack in the last year*. In almost three-quarters of these cases, criminals succeeded in encrypting data. While nothing can fully alleviate the stress of dealing with cyberattacks like these, knowing what to do in advance will help you defend your organization. During this talk, our cybersecurity incident response experts will cover:
*The State of Ransomware 2022
Michael Pertuit, Senior Sales Engineer, Sophos
11:30 - 12:10 PM CT
A Floppy Disk, the Internet, and a Threat Hunter
In order to stop the enemy, you must first understand the enemy. This highly informative history of ransomware ranges from one of the first known attacks to the modern techniques attackers use today. You'll learn how the model has changed from an opportunistic smash-and-grab method to a low-and-slow targeted approach and to ransomware-as-a-service. This discussion includes critical information for on-premises environments as well as the cloud.
Peter Steyaert, Senior SE Manager - ThreatINSIGHT, Gigamon
12:15 - 1:15 PM CT
1:15 - 1:55 PM CT
Keep Your Vendors Close and Your Attackers Closer: IR for Software Supply Chain Attacks
Software supply chain attacks have now overtaken phishing as the most common initial intrusion vector (M-Trends). While focus has been on prevention tactics, vendor relationship management, and software bills of materials (SBOMs), there is a gap around incident response. This talk will deliver guidance on:
Justin Burns, Engineering Manager - Security, ExtraHop
2:00 - 2:40 PM CT
Network Forensics & Incident Response with Open Source Tools
Open source security technologies such as Zeek, Suricata, and Elastic can deliver powerful network detection and response capabilities. The global communities behind these tools can also serve as a force multiplier for security teams, for example by accelerating response times to zero-day exploits through community-driven detection engineering and intel sharing. This presentation will review popular open source technologies used in network DFIR and cover use cases, integrations, and open source design patterns.
John Gamble, Sr. Director of Product Marketing, Corelight
2:45 - 3:00 PM CT
3:00 - 3:40 PM CT
Integrating DNS Threat Intelligence Across the SOC
SOC teams have a lot of options for SIEM / TIP / SOAR solutions but the need for accurate and timely threat intelligence data is a constant. In this session we will look at the benefits of using our APIs via 3rd party integrations and learn how to:
Taylor Wilkes-Pierce, Sales Engineer Lead, DomainTools
3:45 - 4:25 PM CT
Pentera 101: Changing the Game of Offensive Security
This session will walk through a demonstration of Pentera: The Automated Security Validation solution. Over the years, organizations have followed a defense-in-depth model to protect their critical assets. While this strategy makes sense, the tools, processes, and procedures surrounding it have grown significantly. How confident can organizations be that each layer, and the enormous effort behind it, is working effectively? Chad will walk through how Pentera can validate which risks are present, which mitigations are working effectively, and how security practitioners of all expertise levels can leverage Pentera both internally and externally to know with certainty how strong the security posture actually is.
Chad Smith, Director of Channel & MSSP, Pentera
4:30 - 5:15 PM CT
Hunting Advanced Threats with Forensic Analysis
As threat actors and their attack methods become increasingly intricate, the demand for more sophisticated threat-hunting and analysis tools has increased. Devo Security Operations enables analysts to conduct sophisticated forensic analyses and rapid threat hunting, with the ability to:
Join this session to see how Devo Security Operations enables analysts to expedite the investigation and analysis of suspicious IOCs and helps mitigate the risk advanced threats pose to your organization.
Vlad Babiuk, Product Manager, Devo
5:15 - 5:30 PM CT