Joseph Carson

Following in the footsteps of a cyber-criminal and uncovering their digital footprint. This is a journey inside the mind of an ethical hacker’s response to a ransomware incident that brought a business to a full stop, and discovering the evidence left behind to uncover their attack path and the techniques used. Malicious attackers look for the cheapest, fastest, stealthiest way to achieve their goals. Windows endpoints provide many opportunities to gain entry to IT environments and access sensitive information. This session will show you the attacker’s techniques used and how they went from zero to full domain admin compromise that resulted in a nasty CryLock ransomware incident.In this session Joseph Carson will cover a real-world incident response to the CryLock ransomware showing the techniques used by the attackers. The footprints left behind and uncovering the techniques used.

• How attackers gained access to system
• Established staging
• What tools were used
• What commands were executed
•  How the ransomware was delivered
• How AD elevation was achieved

Key Takeaways

• Learn best practices for moving your secured privileged environment from on prem to the cloud.
• Discover key methods to apply the same security controls and policies across your different cloud environments.
• Hear Identity and Access Management stories from the trenches of industry-leading financial corporations.