Compromise Assessments: Best Practices & Lessons from the Field

Presented at BSides Austin 2018, March 9, 2018, 10 a.m. (60 minutes).

Compromise Assessments are a recent and hotly demanded service designed to inform organizations whether their networks are compromised or not. This is not an easy task, especially when it is not a network you are familiar with. In this talk, we will discuss some of the real-world challenges and best practices of conducting proactive hunts in other people's networks, from gaining access to finding persistent threats, malware, and misuse of credentials. We will explore defining, scoping, and conducting these types of assessments to effectively find possible threats while being as efficient and non-invasive as possible.

Presenters:

  • Chris Gerritz
    Chris is co-founder of Infocyte, a developer of threat hunting solutions focused on proactive breach discovery and response. Prior to founding Infocyte, Chris was an incident responder for the Air Force CERT. While there, he helped establish and led the DoD's first Enterprise-scoped Hunt Team. In this role, he led a team of 28 operators and analysts tasked with finding, tracking, and neutralizing state-sponsored threats on the Air Force's $2B, 800k-node enterprise network. He personally conducted and/or oversaw 350+ adversarial hunt and rapid response missions on networks throughout the world. Chris holds a B.S. in Electrical & Computer Engineering from Oregon State University and is also an avid advocate and user of PowerShell.
