Fyodor Yarochkin, Vladimir Kropotov & Sergey Soldatov (Independent Security Researchers)
HITB LAB TITLE: Defending the Enterprise the Russian Way
HITB LAB ABSTRACT:
In this 120 minute lab session, we share the tips, tricks and tools that we’ve developed to automatically detect and mitigate infected machines on the fly plus identify and trace APT hackers.
Through various case studies, we show methods of detection, analysis and prevention of attacks against enterprise infrastructure. We cover how to identify signs of network perimeter and internal breaches and how to automate infrastructure to identify internal network infections including worms and botnet activities. In addition, we will also share our tools and tips on detecting targeted attacks and activity related to targeted attacks (aka an advanced persistent threat or APT).
All case studies will be thoroughly illustrated with sample data, scripts, tools and puzzles. Attendees will have a chance to gain hands-on experience in the process of performing a forensics investigation, and all sample data, code, and other practical materials will be made available. We officially support Ubuntu/Debian with our toolkits, but other flavours of Linux should be usable with little or no code tweaking.
ABOUT FYODOR YAROCHKIN
Fyodor Yarochkin is a researcher from Academia Sinica, Taiwan, and an open source enthusiast with extensive experience in intrusion detection technologies.
ABOUT VLADIMIR KROPOTOV
Vladimir Kropotov is an independent security researcher and Security Operations Center lead at one of the biggest Russian companies. His main interests lie in network traffic analysis, incident response, botnet investigations, and cybercrime. He is a frequent speaker at a number of conferences including CARO, PhDays and ZeroNights.
ABOUT SERGEY SOLDATOV
Sergey Soldatov is a Bauman Moscow State Technological University graduate and an independent security practitioner with more than 10 years of network security experience. He has extensive programming experience and has been involved in large ISP-related development projects.