The Log4J Rollercoaster - from an incident response perspective

Presented at Diana Initiative 2022, Aug. 11, 2022, 2 p.m. (60 minutes)

Log4J was a merry Christmas call for many teams around the world. This talk will share our story of how we were among the first to respond to in-the-wild attacks, helping the community manage and understand how to prepare for such an incident. Log4J did not catch us unaware, but we did not connect the dots at first. Who would have guessed that chatter of a new vulnerability in Minecraft was related to a wave of coinminer incidents we responded to? This talk will cover the line between threat intelligence, responding to cyber incidents, releasing open-source tools, and helping our customers and the community! We will not focus on the technical analysis of the vulnerability (there are plenty of talks like that already). Instead, our focus is on how an organization prepares for such incidents ahead of time. For example, laying the pieces in place to be ready for the unknown (e.g., being aware of vulnerabilities in vendor appliances before they are!)


Presenters:

  • Brenton Morris
    Brenton leads Incident Response engagements on a daily basis, from sophisticated cloud attackers to ransomware events. Brenton has a unique set of combined security research and developer experience, allowing him to resolve many cyber-attacks while fully understanding the impact on production systems.
  • Guy Barnhart-Magen - Profero
    In his role as the CTO for the cyber crisis management firm [Profero](https://profero.io/), his focus is making incident response fast and scalable, harnessing the latest technologies and a cloud-native approach. Most recently, he led [Intel’s](https://intel.com/) **Predictive Threat Analysis** group, which focused on the **security of machine learning systems** and **trusted execution environments**. At Intel, he defined the **global AI security strategy** and roadmap. He [spoke at dozens of events](https://productsecurity.info/talks/talk_secofml/) on the research he and the group have done on Security for AI systems and published several whitepapers on the subject. Guy is the [BSidesTLV](https://bsidestlv.com/) chairman and [CTF](https://bsidestlv.com/ctf/) lead, a [public speaker](https://productsecurity.info/talks) at well-known global security events (SAS, t2, 44CON, BSidesLV, and several DefCon villages, to name a few), and the recipient of the Cisco “black belt” security ninja honor – Cisco’s highest cybersecurity advocate rank. He started as a software developer for several security startups and later spent eight years in the IDF. After completing his degrees in Electrical Engineering and Applied Mathematics, he focused on **security research** in real-world applications. He joined [NDS](https://nds.com/) (later acquired by [Cisco](https://cisco.com/)). He led the **Anti-Hacking, Cryptography, and Supply Chain Security** Groups (~25 people in USA and Israel).
