AV will fail. Users will open malicious email attachments and click links. Systems will get pwnd. This talk is about endpoint remediation. The need for full system rebuilds is a thing of the past. SOC teams should be remediating infected systems with confidence. This concept is completely foreign to most SOC analysts and organizations. I fully outline how to overcome this irrational fear.

Brandon brings 7+ years of DFIR experience. Currently, he leads a team who remediates malware, with extreme prejudice, from client systems with the goal of zero downtime. He's done just about everything in DFIR to some degree: front line alert monitoring, intrusion response, internal investigations, deep dive host forensics, pcap analysis, threat intel, and threat hunting. He has a passion for anything infosec.

Back to BSidesSTL 2019 video list