Ottawa - April 2021 Chapter Meeting
Tuesday, April 13, 2021, 6:00 PM - 7:30 PM EDT
Category: Chapter Meeting

HTCIA Chapter April Zoom Event

TOPIC: Needles in the Haystack - Detection of The Cyber Kill Chain from Network- and Host-Based Data

Presenters:  Mike Sues & Shane Shuster

BIO (Mike Sues):  Mr. Sues, CEO/Senior Ethical Hack Specialist with Rigel Kent Security, CEO/Vulnerability Researcher with Cryptid Labs and co-CEO of Invariant Security, has worked in Offensive Operations for 34 years, performing Vulnerability Research and weaponization of exploits as well as use during operations Red Team’ing activities. He is also a very experienced Penetration Tester and Security Trainer with an extensive background in designing, developing, and participating in Cyber Exercises as a Red Team member as well as providing other roles to assist the Blue Teams in meeting their learning objectives.

BIO (Shane Shuster):  Mr. Shuster, Ethical Hack Specialist with Rigel Kent Security, is a Penetration Tester, Red Teamer, and Malware Developer with experience in Cyber Exercises and Penetration Testing. Mr. Shuster is well-versed in the development of offensive security tools and malicious software implants, specializing in kernel implants and process injection, as well as leveraging Windows and .NET APIs. In doing so, he has gained proficiency in a variety of languages, focusing primarily on Go, C++, and C#. Furthermore, he has experience in penetration testing networks, applications, and operating systems, including embedded systems, alongside various forms of Windows, Unix, and Linux systems.

Topic:  In this talk, the presenters will go through a set of abbreviated though representative steps in the cyber kill chain, executing them live in a small exercise environment where network traffic and Windows events are collected by Security Onion 2 (SO2).  As they run each step live, they'll explain what is involved in the attack and then review the SO2 detections and, where steps were not detected, the fingerprints left in traffic and host event logs by the tools and their procedures.

Time: April 13, 2021 6pm – 7:30pm Eastern Time  *extended duration*