A Post Incident Case Study for SMB Response Teams | Amanda Berlin

Video description: A Post Incident Case Study for SMB Response Teams | Amanda Berlin

🔗 Join us in-person and virtually at our Wild West Hackin' Fest: information security conferences — https://wildwesthackinfest.com/

This presentation will delve into a real-world cybersecurity incident involving a masked application attack on an SMB environment. Using an anonymized incident narrative, we'll walk through the response process from the perspective of a small to medium-sized business team. The presentation will highlight the importance of early detection, the challenges of identifying sophisticated threats, and the critical role of proper incident response procedures.

We'll examine the attack timeline, from the initial malware download disguised as legitimate software to the attacker's lateral movement and attempts at data exfiltration. Key focus areas will include the significance of user awareness, the value of multi-layered security controls, and the effectiveness of SIEM and endpoint detection solutions in identifying suspicious activities.

The presentation will also cover practical lessons learned, including the importance of least privilege principles, robust password policies, and regular security testing. We'll discuss how SMBs can improve their security posture by implementing these lessons and leveraging available tools and best practices.

By analyzing this incident, attendees will gain valuable insights into real-world attack techniques, effective response strategies, and proactive measures to enhance their organization's cybersecurity resilience. The session will conclude with actionable takeaways for SMBs to better prepare for and respond to similar threats in their own environments.
