Back by request, I am re-giving my popular NKU Cyber Security Symposium "Phishing Forensics - Is it just suspicious or is it malicious?" presentation at the November 14th (ISC)2 Cincinnati Chapter meeting. In spite of some needed calendar edits on the official web page, the chapter organizers assure me this will happen on November 14th...
Date: Thursday, November 14, 2017
Time: 11:30 AM to 12:30 PM
49 E Fourth St.
Cincinnati, OH 45202
Phishing Forensics - Is it just suspicious or is it malicious?
What thoughts currently make tech defenders uneasy as they go to bed at night? Despite implementing and properly configuring the latest technological controls and security solutions into our environments, end users typically remain the most vulnerable point of entry into nearly any network. Unfortunately, only one misstep by a single user provides attackers with the foothold they need to begin compromising an entire enterprise network environment. The safety of our inboxes is a key initiative on the battlefront of protecting staff from the scourge of phishing and spear phishing attacks. We will perform a deep-dive look at the latest techniques used by criminals to bypass security products and traditional defense-in-depth strategies. We then focus heavily on conducting a digital forensic investigation on a sample phishing email message. Topics covered include technical analysis of message headers, message source code, message attachments, and malicious landing web pages even when a dedicated sandbox environment is unavailable.
Matt Scheurer is a Systems Security Engineer working in the Financial Services industry, with previous experience as a Systems Administrator and Email Administrator. Matt holds a CompTIA Security+ Certification and possesses a number of Microsoft Certifications including MCP, MCPS, MCTS, MCSA, and MCITP. Matt has presented on numerous Information Security topics as a featured speaker at a number of area Information Security meetup groups. Matt also had notable speaking engagements as a presenter at DerbyCon 5.0, DerbyCon 7.0, and the 10th Annual Northern Kentucky University Cyber Security Symposium. Matt maintains active memberships in a number of professional organizations including the Association for Computing Machinery (ACM), Cincinnati Networking Professionals Association (CiNPA), and Information Systems Security Association (ISSA). Matt is a regular attendee at monthly Information Security meetings for 2600, the CiNPA affiliated Security Special Interest Group (CiNPA Security SIG), Ohio Information Security Forum (OISF), and Cincinnati SMBA.