ISACA NL Chapter, ICT, auditing and training
Detect the hack sooner, audit (investigate) cybercrime
By: Robert Jan Mora
This presentation covers some first-hand investigation experiences. At Hoffmann Investigations we participated in several large forensic cybercrime investigations of large-scale hacking and espionage in corporate networks. The attackers have been in control of these networks for months without being noticed by IT departments, local security software or intrusion detection systems. Discovering the attackers is one thing, but investigating them and their actions is really challenging in networks with thousands of workstations and servers.
These networks can host complete botnets, controlled through RDP sessions, that will never trigger intrusion detection systems. I will also discuss several interesting findings and methods we used in these investigations, for example the discovery of malware that was unnoticed by AV vendors for months. In this presentation I will focus on how to establish a control environment to detect the hacking attacks sooner and reduce the time available that a hacker needs to have to compromise an entire network.