Stop! Don’t Make That Noob Incident Handling Mistake

Learn essential incident handling techniques to avoid common mistakes during cybersecurity crises. Explore strategies for preserving evidence, analyzing data, and managing compromised systems effectively. Gain insights from real-world experiences fighting APT attackers, Russian cyber criminals, and internal hacking administrators. Discover the Cyber Crisis Planning Room, a web-based application designed to enhance collaboration among incident responders and streamline management oversight. Examine the six stages of cyber espionage, assess classic attacks, and understand the importance of swift containment. Develop skills in planning and managing incidents, utilizing tools like the Lego Cyber Crisis Planning Room to separate, index, and cross-check incidents efficiently.

Intro
Steves background
Cyber CPR
Corporate Mode
What is Instant Response
Why do we care
PWC UK Business Survey
Stress Balls
Chess
Network
Plate Pieces
Playing Chess
Losing Pieces
Losing Data
Always Observe
Maneuverability
Chuck Norris
Bruce Lee
Basic Tools
Best Tools
Taekwondo
The Brave
Cyber Espionage
The Six Stages
Not having an Incident Response Plan
Overly complicated large documents
Knowledge transfer is only by experience
I am the most valuable person
Why compromise a domain controller
Another management fail
Assessment
Classic Attacks
How fast to containment
They sit in the domain
They find old export code
Restoring a previously vulnerable version
Flattening malware
Defending your tempo
Planning an incident
Managing an incident
Lego Cyber Crisis Planning Room
What does it do
Does it pull out from Peek
I have this bad reputation
with demos
separate out incidents
index and crosscheck
Shaggy ScoobyDoo