Learning from the mistakes of others: Incident Response Edition

Presented at Canterbury Hacker Camp (2022), Nov. 25, 2022, 2:30 p.m. (Unknown duration).

"… learning by the mistakes of others is a far simpler and less expensive process than making them all yourself." - American Machinist, 1920. Despite being over 100 years old, this quote is still relevant to businesses trying to maintain their security today. So let's learn from other's mistakes!

Join me on a journey through the compromise of a fictitious company, from initial access all the way through to mission complete. We'll take stops along the way to zoom in on how the attacker did what they did, and discuss what the victim could have done to prevent these actions from being successful. We'll also talk about steps the victim could have taken to make their environment more "investigation ready", and highlight that because these steps were not taken, the investigation was not conclusive. Being derived from real-world incident response engagements, you'll literally be learning from the mistakes of others.

Presenters:

• Luke Pearson - Luke Pearson
  I was a Mandiant IR consultant for almost three years, where I participated in and led incident response engagements across businesses of all sizes and industries. Also at Mandiant, I had the distinct pleasure of delivering training to the next generation of incident responders, all around the world. Before that I helped a company build a SOC to implement follow the sun, and worked for the emergency services. I currently work at Salesforce as a cyber security incident manager, leading teams of incident responders through the murky waters of breach response.

Links:

• https://2022.chcon.nz/speakers/luke/

Similar Presentations:

• ToorCon San Diego 17 (2015) / How not to infosec
• BSidesLV 2014 / The Lore shows the Way
• DerbyCon 2.0 Reunion (2012) / Professional Pen Testing and Learning From Your Mistakes