Exploring the Digital Underworld & Mitre Att&ck Automation


Details
Talk 1: Gavin O’Gorman
Gavin has been working in Symantec for the past nine years and is an intelligence analyst on the attack investigations team. Before moving to the attack investigations team in 2013, he worked as a reverse engineer and as an incident handler. Gavin's primary role is to gather information from both Symantec data sources and open sources to build a comprehensive picture of an attack or attackers. Another aspect of the job is to work with law enforcement to assist in the investigation of e-crime where possible. Prior to working in Symantec, Gavin spent several years researching network security in Dublin City University, and he currently lectures part-time for the DCU Masters in Security & Forensics course.
Talk Description - "Exploring the Digital Underworld"
Gavin will be talking about how, over the past year, researchers in Symantec have been tracking a group they refer to as Hayworm. From what appeared to be a disparate set of unrelated victims, Symantec researchers have been able to identify the operators behind these attacks, and their motivation. Gavin will describe the investigation, including how the attackers work, and how researchers managed to identify them.
Talk 2: Eamonn Ryan
Eamonn has been working with McAfee for 2.5 years and has been working within the security realm for 5 years. He has worked in a blue team environment and also in a more red team focused role, so he can see both sides of the equation!
Talk Description - "Mitre Att&ck Technique Automation"
If you have been following security news recently, you may have heard about the Mitre Att&ck Framework. Mitre describe it as follows: "MITRE ATT&CK™ is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community." Eamonn has been utilizing this framework and automating the respective techniques. This talk will describe and demonstrate these automations, with a focus on some of the hacking techniques mentioned during Gavin's talk.
... Afterwards ...
We will hang around for chats and maybe a beer.
