UD team at NoNameCon 2019: outcomes and materials
NoNameCon was epic this year! We loved to see the growth of our community and contribute with speeches sharing our expertise! There were 3 speakers from UnderDefense, 2 Villages and 12 UD teamers who attended the conference.
The UD Villages were some challengeable spots for conference visitors to try out yourselves in the capture-the-flag-like activities for red and blue teamers.
Village 1 Game of SOC
We’ve decided to prepare a similar competition to Boss of the SOC event held by our partner Splunk and find those who virtuously detect threats and respond to incidents. The participants were able to test various capabilities of Splunk SIEM for log collection, correlation rules writing and data visualization.
Splunk – the platform for data collection and analytics – had a great interest from the audience to test and learn lots of cool features to “Shine a light on your greatest untapped asset”. Also, we shared our experience of how Splunk Enterprise Security can help a company manage the security operations. View The Essential Guide to Security on how to get started using the Splunk platform to solve security challenges.
The participants were able to compare Splunk with other platforms and ask our Splunk Experts bothersome questions and receive answers. “You will never know if you do not compare” – say our UD analysts. “ The best way to know whether Splunk fits your needs is to test the platform”.
Village 2 Hack the Train
Our CTF “Hack the train” was a great chance to investigate a Web Application for possible flows and gain control over the platform. Our Analysts have compiled the workshop on the base of our experience dealing with different case scenarios helping our clients to secure their products.
Watch some of the previews of how does it look like at our YouTube channel!
“Automation in modern Incident Detection & Response (IDR) process”
Incident Detection & Response requires People – to Think, Tools – to provide data and analytics and Processes – to avoid fuckups and assure the quality. But with more alerts, the analysis takes more time, decisions and moreover – actions need to be taken immediately. Attackers actively use automation, so Defenders should also optimize their processes.
In the presentation, we’d like to share some of the lessons learned. Our focus would be on practical moments, the challenges we faced and the simple working solutions we discovered
“Will you detect it or not? How to check if security team is ready before the incident happens”
Before the real incident happens, security team must test their detection capabilities in different ways. An overview of MITRE ATT&CK Matrix, test environments and other friends of Blue Team. Obstacles, unexpected discoveries, lack of information, a flood of logs, new technologies – you will meet them all if you want to build an effective defense team.
“MacOS Security threats”
Small talk about the latest MacOS malware. Security patches and their issues. Examples both with well-known malware samples and with samples from own experience. This speech is like a brunch about how your Mac becomes exploited, with real cases of malware, known vulnerabilities, and self-made PoC.
Learn more about our experience with MacOS devices security and the Antimalware trainings we provide!
Get the Help You Need
Cybersecurity is our core expertise. Let’s get in touch and you will learn more about how UnderDefense can benefit your organization
25 SOC 2 Policy Templates to Prepare for SOC 2 Audit
SOC 2 is a comprehensive framework that requires organizations to adopt particular controls that address the five Trust Services Criteria (TSC): Security, Availability, Processing Integrity, Confidentiality, and Privacy. There are no formal templates for SOC 2...
SOC 2 Compliance Checklist: Step-by-Step Guide for 2023
SOC 2 (Service Organization Controls 2) is both an audit procedure and criteria that specify how an organization should manage internal controls. If you need to prepare for SOC 2 compliance but are uncertain how to do it, what to start with, or what to anticipate,...
Cybersecurity playbook for SMEs:simple strategies for IT leaders to follow
Lean Security How-To Webinar SeriesCybersecurity playbook for SMEs:simple strategies for IT leaders to followClaim your seat on Linkedin LiveThursday, May 25th12pm EST (9am PST, 6pm CET)Linkedin LiveFreeDescriptionThe latest statistics show that since 2022, businesses...