UD team at NoNameCon 2019: outcomes and materials
NoNameCon was epic this year! We loved to see the growth of our community and contribute with speeches sharing our expertise! There were 3 speakers from UnderDefense, 2 Villages and 12 UD teamers who attended the conference.
The UD Villages were some challengeable spots for conference visitors to try out yourselves in the capture-the-flag-like activities for red and blue teamers.
Village 1 Game of SOC
We’ve decided to prepare a similar competition to Boss of the SOC event held by our partner Splunk and find those who virtuously detect threats and respond to incidents. The participants were able to test various capabilities of Splunk SIEM for log collection, correlation rules writing and data visualization.
Splunk – the platform for data collection and analytics – had a great interest from the audience to test and learn lots of cool features to “Shine a light on your greatest untapped asset”. Also, we shared our experience of how Splunk Enterprise Security can help a company manage the security operations. View The Essential Guide to Security on how to get started using the Splunk platform to solve security challenges.
The participants were able to compare Splunk with other platforms and ask our Splunk Experts bothersome questions and receive answers. “You will never know if you do not compare” – say our UD analysts. “ The best way to know whether Splunk fits your needs is to test the platform”.
Village 2 Hack the Train
Our CTF “Hack the train” was a great chance to investigate a Web Application for possible flows and gain control over the platform. Our Analysts have compiled the workshop on the base of our experience dealing with different case scenarios helping our clients to secure their products.
Watch some of the previews of how does it look like at our YouTube channel!
“Automation in modern Incident Detection & Response (IDR) process”
Incident Detection & Response requires People – to Think, Tools – to provide data and analytics and Processes – to avoid fuckups and assure the quality. But with more alerts, the analysis takes more time, decisions and moreover – actions need to be taken immediately. Attackers actively use automation, so Defenders should also optimize their processes.
In the presentation, we’d like to share some of the lessons learned. Our focus would be on practical moments, the challenges we faced and the simple working solutions we discovered
“Will you detect it or not? How to check if security team is ready before the incident happens”
Before the real incident happens, security team must test their detection capabilities in different ways. An overview of MITRE ATT&CK Matrix, test environments and other friends of Blue Team. Obstacles, unexpected discoveries, lack of information, a flood of logs, new technologies – you will meet them all if you want to build an effective defense team.
“MacOS Security threats”
Small talk about the latest MacOS malware. Security patches and their issues. Examples both with well-known malware samples and with samples from own experience. This speech is like a brunch about how your Mac becomes exploited, with real cases of malware, known vulnerabilities, and self-made PoC.