NOAH: Uncover the Evil Within! Respond Immediately by Collecting All the Artifacts Agentlessly

Presented at Hackfest 2017, Nov. 3, 2017, 3:30 p.m. (Unknown duration)

Imagine the moment you realize that a malicious threat actor has compromised your network and is currently going through your confidential information. Faced with this dreadful scenario, you initiate an Incident Response.

We have built an open source Incident Response framework based on PowerShell to help security investigation responders gather a vast number of key artifacts without installing any agent on the endpoints, thus saving precious time.

Our goal is to provide a community-driven, scalable platform that allows Incident Response teams across the world to hunt efficiently from the get-go of an incident, without needing to develop ad hoc tools or waste time installing an agent on every endpoint when the incident occurs. We aim to present complex data in an understandable format, allowing investigators to respond as quickly as possible.

At a time when malicious threat actors could have breached your network in multiple ways and left backdoors in the most inconspicuous locations, how fast would you want them found when every second counts?


Presenters:

  • Pierre-Alexandre Braeken
    Pierre-Alexandre Braeken is an accomplished and highly experienced security professional with over 14 years of experience in engineering and system architecture. Having acquired the MCSE, MCSA and MCITP certifications, he has focused specifically on security in his career, specializing in the implementation of large projects for businesses relying on Microsoft infrastructure and alternative platforms. He is a Microsoft Certified Solutions Expert in Cloud Platform and Infrastructure. He has an excellent command and understanding of information security, security architecture and secure application development, as well as strong analytical skills pertaining to enterprise situations, risk and contingency plans. He is focused on assisting organizations across Canada with implementing effective threat detection and response capabilities and performing red teaming activities. He does unique security research and speaks at major international security conferences:
