PBR and Kittens

Presented at CactusCon 11 (2023), Jan. 28, 2023, 10 p.m. (60 minutes).

This talk will cover an incident involving APT 35 (Charming Kitten, Nemesis Kitten) and an Oil and Gas Client. We will discuss TTPs, IOCs, MITRE ATT&CK and the kill chain, and how we handled recovery. Presentation structure is based on the NIST Incident Response Lifecycle.

Presenters:

• Jacob Wellnitz - Incident Response Engineer and Post Breach Remediation Consultant
  Jacob Wellnitz, Incident Response Engineer and Post Breach Remediation Consultant 4 months dedicated to IR with Kudelski Security 14 months at an electric cooperative as NOC Analyst and Security Administrator 5 ½ years at a private nonprofit university, including as Systems Administrator, with a focus on security 4 years at AT&T in network monitoring and remediation roles
• James Navarro - Senior Incident Responder | Lead Threat Hunter
  Experienced Digital Forensics and Incident Response Consultant with a demonstrated history of responding to Ransomware, Business Email Compromises, Post Breach Response, Compromise Assessments, Vulnerability Assessment, Cloud Forensics and Endpoint Forensic investigations. Skilled in Threat Intelligence, Threat Hunting, OSINT, Digital Forensics and Incident Response, Network Forensics, and Endpoint Detection Response. DFIR Technology: Splunk, Elastic, LogRhythm, CrowdStrike, Carbon Black, Cisco AMP, Tanium, Defender, SentinelOne, Trend Micro Apex Central, Cyber reason, Trend Micro MDR One, Velociraptor, Kape, SOF-ELK, Palo Alto Cortex Courses: GCIH, GIAC, GCFE, GCFA, GNFA, GMON DFIR is not a job - Its a Lifestyle!

Links:

• https://cactuscon-11.sessionize.com/session/391599

Similar Presentations:

• GrrCON 2013 / Every time I load your app God kills a kitten
• Black Hat USA 2019 / MITRE ATT&CK: The Play at Home Edition
• BSidesDC 2019 / Keeping CTI on Track: An Easier Way to Map to MITRE ATT&CK