I realized that I have a few presentations but don’t have them linked on my site. I’m a bad webmaster.
Live Fire data breach incident drill – Constance Snelling and Bryan Murphy
Lansing ISSA Chapter
November 19, 2020
This session walked through the actions taken by various parties throughout a company during a ‘Live Fire’ data breach incident drill. In this drill, a threat intelligence vendor notified the Company’s Threat Intelligence department, through established communication lines, that customer data was for sale on the Dark Web.
Account Take Over (ATO) Threat Actor: Tactics, Techniques, Communications, and Underground Culture
January 9, 2019
Account Take Over (ATO) has become a large attack vector and many infosec professionals find themselves plunged into this unfamiliar world. One day you are working malware, IDS alerts, and employee misuse, as you always have. Suddenly you are in a world of financial fraud, tracking digital transactions, listening to phone calls and model threat actor TTPs. This presentation talks about the problem of ATO, how an organization can prepare themselves to deal with the issue, and most importantly, how the underground works. This will include how fraudsters communicate, tools of their trade and, how they monetize and launder their money. A good time will be had by all. No punch or pie will be provided.
The Semi-Coherent Ramblings of an Over-the-hill Incident Response and Forensics Guy
February 14, 2018
An InfoSec/IR veteran passes on valuable lessons, learned over the course of long and exciting career. The diversity of my work has lead to some interesting situations. From universities to defense; financial services to web hosting. Chances are I have seen it and learned something worth passing on about it. I will try to keep the ramblings as coherent as possible, but can’t make any promises on limiting the number of memes.