My Little AWS IR Sandbox

Presented at ToorCon San Diego 20 (2018), Sept. 16, 2018, 3:30 p.m. (20 minutes)

A well-tuned security awareness program will fill up your team’s inbox with malware, phishing, and incident reports needing your immediate attention. With additional security tasks and multiple hats, you need to quickly analyze the malicious content delivered to the user’s inbox to triage the threat. Handling live malware is fun, but it’s also like handling a loaded bazooka. One misstep could get you fired (pun intended). This talk will discuss considerations, safety, tips, and steps to build your own Incident Response (IR) AWS sandbox used to quickly analyze malicious content without sacrificing production systems and networks.

Presenters:

• Michael Wylie
  Michael Wylie, MBA, CISSP is the Directory of Cybersecurity Services at Richey May & Company. Michael is responsible for delivering information assurance by means of vulnerability assessments, risk management, and training. Michael has developed and taught numerous courses for the Department of Defense, CSUN, Moorpark College, and clients around the world. Michael holds credentials from certifying bodies such as ISC2, Cisco, VMware, Dell, EC-Council, CompTIA, and more.

Links:

• https://frab.toorcon.net/en/toorcon20/public/events/117.html
• https://infocon.org/cons/ToorCon/ToorCon XX - 2018/My Little Aws Ir Sandbox - Michael Wylie.mp4
• https://infocon.org/cons/ToorCon/ToorCon XX - 2018/My Little Aws Ir Sandbox - Michael Wylie.Eng.srt (subtitles)
• https://www.youtube.com/watch?v=9JLUu6XeXuM

Similar Presentations:

• Black Hat USA 2016 / Hardening AWS Environments and Automating Incident Response for AWS Compromises
• BruCON 0x07 (2015) / Crowdsourced Malware Triage Workshop - Making Sense of Malware with a Browser and a Notepad Workshop
• BruCON 0x08 (2016) / Crowdsourced Malware Triage Workshop