MVS21 AGENDA
Discover What You’ll Learn at MVS2021
Date: May 25
Type: Lecture
Theme: Computer
Time: 15:00 EDT
Applying the MITRE ATT&CK Framework to Dead Box Forensics by Mary Ellen Kennel
Mary Ellen Kennel
In this Lecture:
A lot has been shared about the MITRE ATT&CK framework and how it can be leveraged as a powerful hunting resource and a threat modeling foundation. In this presentation, Mary Ellen will cover a different way of using MITRE ATT&CK – during a forensic investigation.
This talk will walk the audience through a complete investigation plan, A-Z, built from the MITRE ATT&CK framework. Unlike a lot of MITRE ATT&CK implications, the contents will be less about proactive threat hunting and more an aid to a forensic investigation. We’ll begin with an example incident that was just dropped on your desk, and all you have is an IP address. Your company had a visit from a three-letter agency, and you’ve now found out through a third party that your org was popped; it doesn’t get much worse than that. The “suits” leave, and all you’ve got is an IP address and strict orders to piece together what happened. The order of events will be based loosely on a paper Mary Ellen published in 2016 entitled “IR A-Z”.