Today, Martin Schmiedecker presents at the HackPra lecture at RUB, Bochum. He joins an impressive list of previous speakers, among others Mario Heiderich, Stefan Esser, Ange Albertini or Felix ‘FX’ Lindner.
Title: Turning Incident Response to Eleven
Abstract: We’ve all been there – this one course at university where they tell you to actually read the log files, do proper incident response, and document everything. And its all fun and games, until you get hit by reality and have to analyze a possible security incident with a laterally moving attacker, and possibly more than 100 affected systems. Or 1000. Or even more … Next thing you remember is waking up in a room without windows, packed with hard drives that are labeled obscurely, and a hardware write blocker that only does USB 2.0.
In this talk I’ll show which analysis techniques and tools that work at scale, namely for many systems in parallel. And central logging is just a tiny piece in the puzzle. In particular I will present the new open-source tools GRR, bulk_extractor/fiwalk and peekaTorrent.
You can find the video of the talk here.