Investigating Security Threats like Sherlock Holmes: Being Digital Detective

Details
Cyber attacks are common and complex these days. "Catch me if you can" is a phrase that fits the bill when it comes to researchers and attackers.
Indicators of compromise, IDS/IPS logs, intel info and a whole lot of other information are right in front of a researcher or security expert. Collecting the dots does not matter; connecting them does.
The talk covers the various ways a researcher investigates bad and good domains, and how he connects the dots with the information obtained to crack the attack pattern or attack path.
The talk will feature demos of real-world attacks and show how small-scale businesses such as shopping carts are affected.
About the speaker:
Shyam Sundar Ramaswami is a Security Researcher with the Cisco Umbrella India Security Research org. He is a Security Ninja Black Belt (the highest honour in Cisco for security folks), a security blogger, boot camp trainer, conference speaker, mentor, a Batman fan and a Python enthusiast. His publications include “The Dark Knight of security – Pen-testing series” and “Domain names: Are you watching closely”, which talks about a new concept called the Modern way of parking domains (https://umbrella.cisco.com/blog/blog/2017/03/28/domain-names-watching-closely/), where his research was instrumental in stopping a new format of attack. He runs a mentoring program called “Being Robin”, where he mentors students across the globe and helps them with their master's projects on security. Currently there are 100 students around the globe in “Being Robin”.
Participants are requested to show the Meetup ticket on their mobiles to security at the entry gate, to reduce paper wastage from printouts.
