Digital Forensics and Incident Response, Offensive Operations
Explore content featuring this instructor’s insights and expertise.
A lot of effort is put into building and configuring preventative controls for our IT environments. The idea makes sense, we want to prevent attacks. However, is this always the best option?
The increased size and complexity of enterprise networks, combined with the increasing scale of attacks means that we need to develop new ways to respond to our adversaries. In this talk we will look at the challenges faced during enterprise IR and how we can use triage & automation to help speed up our response.
A lot of the traditional techniques we use for incident response, and digital forensics, are too slow when dealing with the challenges of scale and time in a modern intrusion.
Time is critical during incident response. One way we can speed up is by becoming more efficient; this is definitely an area where AI (or really "LLM") technology can help. In this session, we will look at some of the areas where our DFIR teams can quickly use AI assistance to speed up their incident scoping and threat-hunting activities.
People often believe that Linux is a “secure” operating system or that they “don’t have much Linux” in their environment, so they “don’t need to worry about it.”
