After completing this session, the learner will: - Learn how criminals and red teams are actively subverting core security technologies, such as firewalls, SIEM, AV, EDR, IDS, etc. and what detection engineering entails. - Learn how to detect and respond to highly sophisticated attacks without being inundated with alerts, and limited risk of missing critical data. - Attendees will learn how to effectively hunt for bad actors, and how to truly validate threat indicators. - We're going to have fun. I have some intriguing datasets to walk through around a very active malvertizing campaign targeting Macs with zero-day attacks. - Look behind the scenes at how Carbon Black's Threat Analysis Unit maps out adversarial infrastructure.

Greg Foss is a Senior Threat Researcher with Carbon Black's Threat Analysis Unit (TAU) where he focuses on detection engineering, security efficacy, and product bypasses. In previous roles, Greg led a Threat Research team, built and ran a Global Security Operations program, consulted in penetration testing, and worked as an analyst for the federal government.