- This event has passed.
Incident Response Summit
June 19 @ 11:00 am – 4:00 pm EDT
Handling a cyber incident can be an intimidating challenge.
Preparation is key when it comes to:
- Avoiding mistakes
- Keeping your cool under highly stressful situations
- Maturing your monitoring and response capabilities in deploying countermeasures to thwart threat activity
Are you prepared to handle a business email compromise? What about a large-scale breach? Confused about the processes and technologies you need to have in place to be successful? How about the personnel and their respective roles to execute various IR procedures?
Come join us at the Incident Response Summit and stay for the two-day training session. Learn how to get started on your journey!
![Incident Response Summit](https://www.antisyphontraining.com/wp-content/uploads/2024/03/IR-Summit-2024-1024x576.png)
These classes are a part of Incident Response Summit. Class includes registration for the summit. Click on a class in the list to access more information on the course as well as a link to registration. Do you wish to attend the summit only? Click here!
Class Title | Instructor(s) | Class hours/price |
---|---|---|
Linux Disk Forensics | Hal Pomeranz | 16 Hours/$575 |
Cyber Security Incident Command | Gerry Johansen | 16 Hours/$575 |
Incident Response Foundations | Derek Banks | 16 Hours/$575 |
Network Forensics and Incident Response | Troy Wojewoda | 16 Hours/$575 |
Advanced Endpoint Investigations | Alissa Torres | 16 Hours/$575 |
Ransomware Attack Simulation and Investigation for Blue Teamers | Marcus Schober | 16 Hours/$575 |
Cyber Threat Intelligence 101 | Wade Wells | 8 Hours/$295 |
Attack-Detect-Defend (ADD) | Kent Ickler & Jordan Drysdale | 16 Hours/$575 |
Class Dates | Class Times |
---|---|
Thursday, June 20, 2024: | 9:00 AM-6:00 PM* |
Friday, June 21, 2024: | 10:00 AM-6:00 PM |
Summit Talks
11:00 AM – 12:00 PM ET Panel Discussion – John Strand, Derek Banks, Troy Wojewoda, Alissa Torres, Gerry Johansen

12:00 PM – 12:30 PM ET How I started my summer vacation: Navigating My First Incident in the Cloud with Josh Hankins

In this presentation, I’ll share my firsthand experience managing an event entirely based in the cloud. Buckle up for “The Good, The Bad, and The Ugly” as we explore the highs and lows of this event from summer of 2021. Along the way, I’ll detail valuable lessons learned and discuss what we could have done differently with the benefit of hindsight. Let’s turn hindsight into foresight and elevate our cloud security defense game. Attendees will leave with actionable takeaways to optimize their own incident-response plans so your summer vacation will be memorable for the right reasons.

12:30 PM – 1:00 PM ET Incident Response as a Recovering Pentester with Alper Basaran

Hi, my name is Alper and I’m a Penetration Tester and your Incident Responder. Over the past year our company has sent me to more incident response engagements than penetration tests. The first few were horribly stressful, then I found ways to leverage my penetration testing experience and everything became much easier. I’ve transitioned to incident response after 15 years working in penetration testing and I now see how the experience I had gained in penetration testing has provided me with skills and knowledge that have helped me become a fairly good incident responder. This talk aims to cover specific skills penetration testers have which can be useful for all six steps of incident response. This talk also covers some specific functions of security, such as threat modeling and source code analysis, which, once integrated in the SOC process, will help all organizations be better prepared for incidents.

1:00 PM – 1:30 PM ET Dungeons & Dragons: The security tool you didn’t know you needed with Klaus Agnoletti

In my talk, I’ll dive into the world of game-based learning in cybersecurity, showcasing HackBack – a unique framework that blends role-playing game elements with security training. I’ll explain how HackBack revolutionises traditional methods by providing immersive, risk-free simulations of security situations, both offensive and defensive, making it ideal for teaching concepts like Zero Trust and enhancing teamwork and empathy among participants. We’ll explore the open-source nature of HackBack and how it fosters a community-driven approach to cybersecurity education, making it accessible and adaptable to various settings. Join me to discover how game-based learning is a crucial, yet often overlooked tool in developing effective security professionals.

1:30 PM – 2:00 PM ET Demystifying AWS Incident Response: A Practical Perspective with Monty Shyama

How do we deal with an exposed IAM access / secret keys incident scenario, where keys were inadvertently pushed by a developer to a public GitHub repository? I will show practical screenshots from my lab setup on how we configure the AWS CLI, what an attacker will do with these exposed keys (basically creating new temporary session tokens, etc.) and querying for resources available to these exposed keys. I will also talk about mitigation steps. This presentation will include an EC2 instance compromise use case: how we take an EBS snapshot, how we take a memory snapshot, how we isolate this instance using security groups, etc., and how we use Systems Manager to automate various aspects of this workflow. At last, let’s talk about the AWS Incident Response Framework available on GitHub: what challenges it solves, how we deploy it, what the architecture looks like, etc.

2:00 PM – 2:30 PM ET Navigating the Shadows: Incident Response in the Age of Dark Web Tactics with Matthew Maynard

In the realm of cybersecurity, organizations face an increasingly complex threat landscape, with adversaries leveraging the dark web for sophisticated attacks. This talk delves into the realm of incident response in the context of dark web tactics and techniques (TTPs), exploring the challenges and strategies for effectively combating cyber threats. By examining the anonymizing tools, underground markets, malware-as-a-service offerings, and bulletproof hosting services prevalent on the dark web, attendees will gain insights into the clandestine operations of cybercriminals. The talk discusses incident response strategies, detection and benefits of dark web threat intelligence. Attendees will leave equipped with practical insights and actionable steps to fortify their defenses against dark web-enabled cyber threats, safeguarding their organizations’ digital assets and resilience in the face of evolving cyber risks.

2:30 PM – 3:00 PM ET The Million-Dollar CEO Fraud: Anatomy of a Business Email Compromise with Damien Miller-McAndrews

This talk will detail an incident I responded to at the beginning of my career, where an email compromise led to the loss of over 1 million dollars. I will go over the incident timeline from start to finish, discussing the techniques, tactics, and procedures utilized by the threat actor throughout the incident. Come for the war story, stay for the vital information on BEC incident response, a topic that many defenders and IR professionals are ill-prepared for.

3:00 PM – 3:30 PM ET Dumpster Fires: 3 things about IR I learned by being a firefighter with Catherine Ullman

Threats surround us like a ring of burning fire. Unfortunately, incident response doesn’t come naturally to an operational mindset where the focus tends to be on reactive problem solving. As a volunteer firefighter for over twenty years, the speaker has learned a lot about what is and isn’t effective. There are surprising parallels between fighting real-life fires and the fire-fighting that passes for today’s incident response. For example, striking a balance between swift response and patient reflection is often the difference between life and death, in a very literal sense for the firefighter and a figurative sense for the security professional. It’s also all too easy to get tunnel vision and focus on the wrong areas, costing precious time. The security world is full of dumpster fires these days, so join this session to learn from a good firefighter what makes a good security person.

3:30 PM – 4:00 PM ET What’s in the Box?? with James Bierly

Small businesses often lack basic security controls and are often not aware of what to do. Although we cannot always prevent an attack, we can at least detect it and provide information to others. In this talk we will learn about techniques that can be employed to protect small businesses that lack a dedicated IT presence. This will include both proactive and reactive measures. We will dive into deploying and using the Elastic Stack and Sysmon to provide post-incident telemetry without a lot of hassle for the business and configure Microsoft Defender and the Edge browser to provide a low-cost solution to endpoint defense. Finally, we will “sprinkle the network with pocket litter” by deploying Canary Tokens to help detect both external and internal threats to the network and data.

4:00 PM Closing Comments – CTF Winner – John Strand, Eric Taylor, Zach Hill
MetaCTF
MetaCTF is back with another CTF for the Incident Response Summit! Register at https://metactf.com/join/irsummit24
This event runs Wednesday, June 19th, from 11 AM to 3:30 PM ET.
Unlike our previous traditional jeopardy-style CTFs, this event will be Attack & Defense. Each participant will receive a few identical services to protect. You will have access to their source code and the machine these services are running on. Your task is to identify and patch vulnerabilities in your services and exploit the same vulnerabilities in other participants’ services. You will also be given PCAPs of the network traffic going to and from your services, which you can use to analyze the attacks performed against your services by others.
You may compete as an individual or in teams of up to 4. The MetaCTF crew will be offering hints and support during the CTF in the Antisyphon Training Discord server.
Here are the prizes. If a team wins, the prize will have to be shared (only 1 individual will receive a WWHF ticket or the gift card will have to be split).
- In-person con ticket to WWHF – Deadwood 2024
- $100 gift card to Spearphish General Store
- $50 gift card to Spearphish General Store
Pricing: