April TASK: Velociraptor: Uplevelling Threat Hunting & Incident Response / Hacking the LinkedIn Job Interview
Live and in-person at TMU + Live-Streamed on Discord
Date: Wednesday, April 30
Time: 6:00 PM
In-Person Location: DCC 208 Classroom at TMU's Daphne Cockwell Health Sciences Complex - 288 Church Street
Registration: Not required
Live-Stream: Although TASK is always best in-person, we will stream live again on Discord @ https://discord.gg/aXfY76xgVJ.
Topic: Velociraptor: Uplevelling Threat Hunting and Incident Response
Speaker: Julian Pileggi
As investigators, we regularly come up against the same challenges, both from a collection and analysis perspective. These problems are common across the industry, and this talk will dive into Velociraptor, an open-source tool that addresses them in a way that nothing else does. This tool is a must-have for any skilled investigator, from one professional to another. This talk is best suited for those who have an interest in any of Threat Hunting, Digital Forensics, Incident Response or Insider Threat Investigations. By the end of this talk, you will learn how to use Velociraptor to solve pain points, including:
Have you ever had to wait for a system to come online so you could collect more investigative data with your EDR?
Have you ever wanted to collect a certain artifact, but were told that your existing tools don't support that, so you had to write a PowerShell script by hand?
Were you ever provided with detailed telemetry, but discovered there were gaps because file writes were only recorded for certain extensions?
Have you ever needed to collect multiple files from a system, but your tools only collect one file at a time, so you're forced to manually zip and transfer the archive?
Have you ever been trying to collect investigation data and the system went offline and you lost all your progress?
The speaker is an experienced investigator sharing personal insights and experience.
Julian Pileggi is a Director of Incident Response at the Bank of Montreal (BMO), based in Toronto. Throughout 14 years of industry experience, his focus has remained on Security Operations, Digital Forensics & Incident Response (DFIR), and Threat Hunting. In addition to working in the Financial Services industry, Julian has also held positions in Mandiant's Incident Response team, and in Incident Response in a Big Tech company. Julian is an experienced public speaker and instructor, having delivered incident response training at conferences, for clients, government agencies and law enforcement.
Topic: Hacking the LinkedIn Job Interview
Speaker: Robert Beggs
During a recent employment search, the speaker used LinkedIn to find and qualify 194 candidates for a penetration testing role. Who was successful during the interview process? To a large extent, success depended on effectively combining LinkedIn with traditional tools such as resumes. This talk will provide an "employer's eye" point of view in looking at the employment process from start to finish, highlighting how LinkedIn and other tools contributed. The goal is to ensure that you can use LinkedIn and other social media to your benefit in entering cybersecurity, or changing your role.
Robert Beggs is the CEO of Digital Defence, a niche cybersecurity company that provides consulting services. Since 2003, they've been active in the Toronto area - and, yeah, Robb is one of the co-founders of TASK!
We look forward to seeing you all there!
The TASK Steering Committee