
Hiding in plain sight: the menace of Business Email Compromise And Why undertaking a regular compromise assessment is key

  • Thursday, July 12, 2018 at 1:00 PM EDT (2018-07-12 17:00:00 UTC)
  • Bryan Yorke, David Hampton


  • CrowdStrike, Inc.




Business Email Compromises (BECs) are a big problem across a multitude of industries. Threat actors, such as Nigerian Confraternities, are the spearhead of this new genre of cyber fraud, with losses that run into the billions of dollars. During the course of CrowdStrike's investigative work responding to BEC cases, we discovered a capability within Office 365 that allows for the retrieval of Outlook mailbox activity logs that far exceeds the granularity provided by existing, documented Office 365 log sources. And the best part is that this logging is enabled by default, so even if you didn't enable logging in O365 prior to a BEC, you'll be able to access this capability. In this CrowdCast we will detail how to defend against the threat posed by BEC. Importantly, we will discuss how to identify BEC in the context of a broader compromise assessment focused on addressing current and past attacker. In this session you will learn:

  • How BEC works and the nature of the threat that it poses to your organization
  • Examples from real-life engagements of BEC in action
  • How to access and use the O365 Activities API to better defend against BEC
  • The role of Compromise Assessment (CA) in your security posture hygiene and why it should include an O365 BEC-CA

Speaker Bios

Bryan Yorke

Bryan has experience in both government and private sectors helping organizations manage cyber risk and respond to targeted cyber threats. He runs the central region services practice and is responsible for delivering cyber incident response services as well as providing trusted advisory services for customers taking proactive measures to identify risks, detect threats and better secure their technology. Previously, Bryan worked for Ernst & Young and was a Captain in the United States Air Force, where he served as a Cyber Operations Officer.

David Hampton

David has spent nearly a decade focusing on the business side of cyber risk, large-scale Incident Response, and post-breach eDiscovery. He currently manages the CrowdStrike business for Incident Response and cyber-risk reduction for the Southern United States, Mexico, and South America. David has experience in facilitating hundreds of breach response engagements ranging from Nation-State to Financial Extortion. He has consulted with law enforcement, government agencies, corporation/enterprise, and law firms throughout his career.
