Analyzing Intrusions & Intruders

Presented at DEF CON 15 (2007), Aug. 3, 2007, 10 a.m. (50 minutes)

Intrusion Analysis has been primarily reserved for network junkies and bit biters. However, due to the advances in network systems automation we now have time to pay more attention to subtle observations left by attackers at the scene of the incident. Century old sciences have enabled criminal investigators the ability attribute attacks to specific individuals or groups.

Presenters:

• Sean M. Bodmer - Savid Technologies, Inc.
  Sean M. Bodmer is an active developer and deployer of intrusion detection systems. Sean is also an active Honeynet Researcher, specializing in analyzing signatures and behaviors used by the blackhat community regarding patterns, methods, and motives behind attacks. Currently Sean is working on a highly-adaptive sensor network under a joint commercial venture in which global sensors are deployed to generate better understandings of various attack approaches and techniques.

Links:

• https://defcon.org/html/defcon-15/dc-15-speakers.html#Bodmer
• https://infocon.org/cons/DEF CON/DEF CON 15/DEF CON 15 video/DEF CON 15 - Sean Bodmer - Analyzing Intrusions and Intruders - Video.mp4
• https://www.youtube.com/watch?v=X2lEUh9V10Y