A Look Behind the Scenes: Responding to a Security Incident

Presented at Disobey 2023, Feb. 18, 2023, 8:30 p.m. (30 minutes).

Through the introduction of initial access brokers threat actors have new methods to compromise organizations. Initial access brokers monetize on selling compromised company credentials to other threat actors who then target these users and services to obtain initial access on the target organization. However, through the adoption of multifactor authentication (MFA) as a user access control threat actors have been forced to adapt to the situation and discover novel ways to bypass these security controls. In addition to preventative security controls, organizations are nowadays also required to have robust response procedures and broad detection capabilities to maintain an effective security posture and capabilities to detect and respond to emerging threats and attacks where compromised credentials are used for obtaining initial access to target organizations.

Presenters:

• Niklas Särökaari
  Niklas Särökaari is currently working at KONE security operations performing incident management and response, threat hunting and detection engineering. His previous experience is from security consulting with emphasis on offensive operations, such as adversary simulation and emulation engagements.

Links:

• https://disobey.fi/2023/profile/a_look_behind_the_scenes

Similar Presentations:

• DerbyCon 3.0 All in the Family (2013) / Password Intelligence Project – Advanced Password Recovery and Modern Mitigation Strategies
• DEF CON 30 (2022) / Badrats: Initial Access Made Easy Demo
• BalCCon2k22 - Loading (2022) / From Ember to Inferno - Exchanging emails, shouldn't lead to complete disaster