
Presentations

MANDIANT professionals are poised, proficient, charismatic and well-spoken presenters who speak at conferences, symposiums, seminars, customer meetings and many other venues. As thought leaders in proactive and reactive security, we are invited to speak at over 40 events per year as keynote or special guest speakers. Because we come from the field into the presentation, our topics and materials are fresh and cutting edge. We offer a variety of speaking engagement topics on proactive and reactive security matters. Abstracts of our presentations are listed below for your review. Please contact us if you would like MANDIANT to speak at your event.


THE STATE OF THE HACK

MANDIANT has responded to over 30 computer security incidents at some of America’s largest organizations. MANDIANT was on the front lines assisting these organizations in responding to international computer intrusions, theft of Intellectual Property, electronic discovery issues, and widespread compromise of sensitive data. During our efforts to resolve these incidents, many similar challenges and issues confronted each organization. During this presentation, MANDIANT provides examples of how these incidents impacted organizations, and discusses the challenges that each organization faced. We demonstrate the “State-of-the-Art” methods being used to respond to these incidents, and address emerging trends and technologies that offer strategic approaches to minimize the risks that organizations face from the liabilities the information age has brought.


THE EVOLUTION OF INCIDENT RESPONSE
Over the past three years alone, MANDIANT has responded to over 30 computer security incidents at some of America’s largest organizations. MANDIANT was on the front lines assisting these organizations in responding to international computer intrusions, theft of Intellectual Property, electronic discovery issues, and widespread compromise of sensitive data. During our efforts to resolve these incidents, many similar challenges and issues confronted each organization. During this presentation, MANDIANT re-enacts some of the incidents, provides examples of how these incidents impacted organizations, and discusses the challenges that each organization faced. We demonstrate the “State-of-the-Art” methods being used to perform Incident Response, and address emerging trends and technologies that offer strategic approaches to minimize the risks an organization faces from the liabilities the information age has brought.


STRATEGIC INFORMATION ASSURANCE
Information technology has provided great benefits to organizations: it can greatly increase the efficiency of employees, it promotes effective decentralized communication, it fosters collaboration, and it provides tremendous flexibility to employees. IT greatly contributes to the "internationalization" of organizations. However, along with these benefits, doors of liabilities open up:

  • Direct costs from computer intrusions (theft, extortion, intentional damage)
  • Costs to resolve incidents
  • Negative public exposure and diminished consumer confidence
  • Regulatory requirements to protect electronic data
  • Failure to meet contractual obligations
  • Worst Case Scenarios

Stop-gap countermeasures or tactical knee-jerk reactions will not adequately prevent these liabilities from occurring, nor posture an organization to handle an adverse incident in a methodical, effective manner. MANDIANT will provide real examples of how these liabilities impact organizations, and discuss some strategic approaches to minimize the risks an organization faces from the liabilities the information age has brought.


INCIDENT HANDLING AND FORENSICS
When a computer security breach occurs, a timely and thorough investigation to assess and curtail damage is critical. In an effort to minimize your exposure to risk, and implement the most appropriate countermeasures, your investigation must rapidly determine the scope of compromise, and identify effective network and host-based countermeasures that can contain the compromise. With study guides in hand, participants in this workshop will run through a computer security case together, learning how to collect information in a forensically sound manner, how to interpret the information gathered, and how to assess the extent of the compromise, all the while learning about various forensic techniques – from finding trace evidence to mitigating future risks.


THE STATE OF COMPUTER FORENSICS
MANDIANT has responded to multitudes of computer security incidents and has been involved in dozens of criminal cases. MANDIANT intends to discuss these cases and how computer forensic techniques assisted in each case. We provide details about a terrorism case, a computer intrusion case, and several other cases we were involved with. Each of the case studies provides a poignant introduction to the techniques required by computer forensic examiners, and how tricky it can be to unearth relevant information.


IDENTITY THEFT – THE “UNTRACEABLE” SOURCE
Internet spending for 2005 gained 22 percent over 2004 spending. Data released by comScore Networks (www.comscore.com) finds total Internet spending, including travel, hit $143.2 billion in 2005. An estimated 6 percent of all non-travel consumer retail spending (excluding expenditures for autos, gasoline, and food) is spent online, according to the research firm. Of the total online spending, $82.3 billion was spent on non-travel retail and $60.9 billion was spent on travel, but how much was wasted in fraudulent activity or auctions? MANDIANT will share our experiences investigating more than 20 fraud-related intrusions during the past year. We will demonstrate that each compromise revolved around a single objective: money. MANDIANT will outline a standard attacker methodology, showing how a computer intrusion was followed by credit card fraud, extortion, or fraudulent purchases – all of which are a type of identity theft.


WIRELESS INTRUSIONS: ARE YOU DETECTING THEM?
Perimeter security is an effective means to keep outside hackers at bay. However, the wireless perimeter is an oxymoron. The theoretically infinite range of the wireless medium poses significant challenges for anyone trying to secure a wireless network and even more so for someone trying to detect an intrusion. Furthermore, the innate vulnerabilities of the underlying 802.11 protocol make it almost impossible to prevent security breaches, thus increasing the onus on intrusion detection. This presentation discusses some common attacks against wireless networks and the tools and techniques used to detect them.


THE CHANGING LANDSCAPE OF SECURITY INCIDENTS

Until recently, the number of reported security incidents closely followed the number of vendor-issued advisories. However, of late, this trend seems to have broken. The number of incidents has spiked in comparison to the issued advisories. This diminishing correlation can be attributed to an increase in attacks against custom web applications, the targeting of end-users by hackers, and the emergence of zero-day exploits. This presentation discusses real-world examples of such trend-breaking attacks.


INVESTIGATING WIRELESS INTRUSIONS
MANDIANT demonstrates how attackers infiltrate wireless networks. Attendees are provided with MANDIANT’s Linux wireless investigation tools and are given the opportunity and means to identify access points, eavesdrop, and perform common attacks. The major topics covered during this presentation include:

  • Access Point Detection
  • SSID Determination
  • Eavesdropping
  • Detecting and Investigating Attackers
  • Sniffing and Physical Surveillance

MANDIANT can build upon the topics presented in the wireless seminar above in an advanced presentation by covering more cutting-edge tools and attacks. Hands-on demonstrations by the instructor (hands-on exercises by the participant are optional) will be used to fortify the principles being taught. The following points are the more significant areas that are covered in this presentation:

  • Wireless Case Studies
  • WEP Cracking
  • Denial of Service Attacks
  • Fake AP Attacks


PERFORMING MALWARE ANALYSIS
MANDIANT will provide an introduction to tools and techniques to perform forensic analysis of UNIX malware. Static and dynamic analysis will be discussed (including disassembly and debugging) on a walk-through case study of an unknown binary. Issues such as encryption, obfuscation and emerging threats will also be discussed. The following points are the more significant areas that are covered during this intense presentation:

  • UNIX and Windows Sessions
  • Setup of Examination Environment
  • OllyDbg, IDAPro & SoftICE Tools
  • In-Depth Case Studies
  • Emerging Threats
  • Code Constructs
  • Binary Functions and Purpose
  • Registry Key Lists
  • Binary Origins and Indicators
  • Binary Sophistication Level Opinions

MANDIANT can also present a similar seminar on malware analysis of Windows. We will discuss the tools and techniques required to understand the purpose and function of an unknown Windows executable file.


CASE STUDY APPLICATION
MANDIANT will draw upon our years of experience to present timely real-world case studies. We will discuss intriguing client situations to provide you with unique forensic tips that can assist in your response.

  • In-Depth Technical Details
  • Real Case Discussions
  • Time Stamp Tampering Analysis
  • Application Analysis
