addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscrossdots-three-verticaleditemptyheartexporteye-with-lineeyefacebookfolderfullheartglobegmailgooglegroupshelp-with-circleimageimagesinstagramFill 1linklocation-pinm-swarmSearchmailmessagesminusmoremuplabelShape 3 + Rectangle 1ShapeoutlookpersonJoin Group on CardStartprice-ribbonShapeShapeShapeShapeImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruserwarningyahoo

October Lunch Meeting

IMPORTANT: Remember to RSVP and pay at

Description: ISSA-LA October Lunch Meeting

Topic: How threat actors are using your databases against you – Hacking databases to maintain access to your network

Economic Crime threat actors continue to increase their sophistication and their ability to gain and maintain access to an organization’s network for an extended period of time.  This presentation will discuss many of the tactics we have observed based on our actual network intrusion investigations over the past few years.  Attendees will learn how the threat actors gain access, use databases to conduct reconnaissance and, how they identify the crown jewels located inside the databases. In our presentation, we will identify the tools and tactics used by threat actors to exploit external web servers and leverage legitimate connections to database system to conduct their malicious activities.  By leveraging legitimate connectivity to the databases, the actors are able to bypass many of the traditional security controls on the operating system and leave very little evidence of the attack.

We will show you a live demonstration of how these attacks are conducted

How threat actors use databases to conduct network AND database reconnaissance

How threat actors are able to identify the crown jewels in the database very quickly

By attending this session you will be able to learn key vulnerabilities threat actors are using to gain access to your network.  You will learn effective methods to prevent, detect and contain these types of attacks.  We will identify key controls that should be in place on your databases in order to protect your crown jewels once the threat actors have accessed your databases.

Speakers: Jeff Lowell & Leigh Ulpen

Leigh Ulpen is a Manager in PwC’s Forensics Services practice with 7 years of experience in the fields of forensic investigations, regulatory response, litigation support, databases and data analysis. Mr. Ulpen has worked with banking and high technology clients globally, providing custom solutions, services and support for key initiatives. Additionally Leigh provides SQL Server forensic and database support for cybercrime investigations and incident response engagements. Recently Leigh helped with a large data breach investigation to rebuild and understand the workings of a targeted attack. Leigh holds a Bachelor of Applied Science majoring in Information Technology from the Royal Melbourne Institute of Technology in Australia.

Jeffrey Lowell is a Manager in PwC’s Forensic Services with over 8 years of experience in the fields of computer forensics, cybercrime, and electronic discovery.  At PwC, he has helped lead investigations into network intrusions, data breaches and hacking incidents involving large corporations responding to attacks in areas of financial fraud, intellectual property theft, insider threats and web site defacements. Prior to PwC, he worked at Navigant and KPMG LLP focusing on complex electronic discovery matters involving bankruptcy,  mortgage fraud, and stock back dating where he was responsible for forensic data collections, native file processing and document productions. He holds his Bachelor’s degree in Information Management and Technology from Syracuse University and is an Encase Certified Examiner (EnCE).

Join or login to comment.

80 went

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy