Presented at CactusCon 11 (2023), Jan. 28, 2023, 10 p.m. (60 minutes).
This talk will cover an incident involving APT 35 (Charming Kitten, Nemesis Kitten) and an Oil and Gas Client. We will discuss TTPs, IOCs, MITRE ATT&CK and the kill chain, and how we handled recovery. Presentation structure is based on the NIST Incident Response Lifecycle.
Presenters:
- Jacob Wellnitz, Incident Response Engineer and Post Breach Remediation Consultant
4 months dedicated to IR with Kudelski Security
14 months at an electric cooperative as NOC Analyst and Security Administrator
5 ½ years at a private nonprofit university, including as Systems Administrator, with a focus on security
4 years at AT&T in network monitoring and remediation roles
- James Navarro, Senior Incident Responder | Lead Threat Hunter
Experienced Digital Forensics and Incident Response Consultant with a demonstrated history of responding to Ransomware, Business Email Compromises, Post Breach Response, Compromise Assessments, Vulnerability Assessment, Cloud Forensics and Endpoint Forensic investigations. Skilled in Threat Intelligence, Threat Hunting, OSINT, Digital Forensics and Incident Response, Network Forensics, and Endpoint Detection Response.
DFIR Technology:
Splunk, Elastic, LogRhythm, CrowdStrike, Carbon Black, Cisco AMP, Tanium, Defender, SentinelOne, Trend Micro Apex Central, Cybereason, Trend Micro MDR One, Velociraptor, Kape, SOF-ELK, Palo Alto Cortex
Courses: GCIH, GIAC, GCFE, GCFA, GNFA, GMON
DFIR is not a job - it's a lifestyle!