CERT Australia has been using technical challenges to test applicants for technical roles in its team over the past two years. In 2016 we re-released one of these challenges for the BSides Canberra Incident Response Challenge. In this presentation we will provide a technical walk-through of the analysis associated with this challenge, which involved examining packet capture and memory artefacts. We'll also give an overview of how CERT Australia uses technical challenges in its recruitment activities. The challenge was based on actual activity and work undertaken by the CERT responding to incidents and reflects contemporary adversarial tradecraft. We'll start with an overview of the challenge and then burrow into the details, covering compromised websites, phishing, malicious Word macros, Gmail for command and control, persistence mechanisms and more!