Threat Activity Attribution: Diferentiatinn the Who from the How - Joe Slowik (BSidesCharm 2018) (Hacking Illustrated Series InfoSec Tutorial Videos)

Feel free to include my content in your page via my
RSS feed Follow @irongeek_adc

Help Irongeek.com pay for
bandwidth and research equipment:
Subscribestar or Patreon

Search Irongeek.com:

Affiliates:

Help Irongeek.com pay for bandwidth and research equipment:

Threat Activity Attribution: Diferentiatinn the Who from the How - Joe Slowik (BSidesCharm 2018) (Hacking Illustrated Series InfoSec Tutorial Videos)

Threat Activity Attribution: Diferentiatinn the Who from the How

Joe Slowik
@jfslowik

BSidesCharm 2018
http://www.bsidescharm.com

Typical attribution focuses on ‘whodunnit’ - with little clear benefit to network defenders. This talk will consider attribution by activity and behavior �" to develop strategies, playbooks, and responses to types of attack, while leaving nation state attribution to amateurs and reporters.

Joe Slowik currently hunts ICS adversaries for Dragos, pursuing threat activity groups through their malware, their communications, and any other observables available. Prior to his time at Dragos, Joe ran the Incident Response team at Los Alamos National Laboratory, and served as an Information Warfare Officer in the US Navy. Throughout his career in network defense, Joe has consistently worked to â€˜take the fight to the adversaryâ€™ by applying forward-looking, active defense measures to constantly keep threat actors off balance. When not hunting adversaries or playing with open source security projects, Joe loves playing ice hockey and building Legos.

Back to BSidesCharm 2018 list

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.