January TASK: Incident Investigation from the Frontline
We're excited to welcome back the TASK community to an in-person event! Our thanks to host KPMG! We'll have one talk this month to leave ample time for discussion and catching up!
We have two engaging and insightful speakers from Mandiant this month: Derek MacIsaac and Matthew Siuda will discuss incident investigation from the trenches, using a specific threat actor to learn about some clever tactics. See below for details.
This month TASK is sponsored by KPMG
January TASK
Date: Wednesday, January 25, 2023
Time: 6pm - 8:30pm
In-person cancelled due to weather; please sign in over Zoom
Zoom Virtual Registration Link:
https://us06web.zoom.us/webinar/register/WN_NZ7H6BpYQXaQySPMcAG5RA
As always, TASK is free to attend.
Here's to another great year, we look forward to seeing you then,
TASK Steering Committee
Speakers: Derek MacIsaac and Matthew Siuda
Topic: War Stories from the Frontlines – Tracking the Sneaky Techniques of UNC1945
UNC1945, also known publicly as LightBasin and TH-239, is a threat group that Mandiant has observed targeting a number of verticals including telecommunications, financial, and business services industries since at least early 2018. The group has demonstrated experience and comfort using unique tactics, techniques, and procedures to take full advantage of the decreased visibility and security measures that are often present in Unix and Linux environments. Join Derek MacIsaac and Matthew Siuda as they discuss engagements involving this sophisticated and persistent adversary over the years. Gain a behind-the-scenes understanding of the threat actor’s behavior, culture and tools.
Speaker bios:
Derek MacIsaac
Derek is a Principal Consultant with Mandiant's Incident Response team in Canada. He has over 15 years of experience working in digital forensics, incident response, and threat hunting. He began his career in information technology before transitioning to digital forensics and litigation support services, where he specialized in open source intelligence. He has led and assisted with administrative, civil, and criminal investigations for small start-ups, government agencies, and Fortune 500 companies, and has provided litigation support services to law firms in Canada and the United States. At Mandiant, he has responded to intrusions involving targeted threat actors in many market verticals, including government, finance, transportation, and energy.
Matthew Siuda
Matthew Siuda is an Associate Consultant working in the Incident Response practice at Mandiant. He graduated from Sheridan's Honours Bachelor of Information Sciences (Cybersecurity) program in 2019 and worked as a Security Analyst responding to internal incidents before moving to digital forensics and incident response. Matthew is a GIAC Certified Forensic Analyst (GCFA), and in his two years with Mandiant has worked on engagements that have included nation state threat actors, 0-day exploitations, and novel malware variants. When not hunting down evil, Matthew will typically be found outdoors hiking with his dog, kayaking, or skiing.