Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore advanced network forensics and threat detection techniques through real-world corporate security investigations in this DEF CON 33 conference talk. Learn how to leverage corporate network tools to identify and investigate various threat actors, from individual fraud cases to sophisticated nation-state operations. Discover the process of uncovering timecard fraud through network log analysis, including the detection of an automated fingerprint device hidden in a corporate facility used by contractors working in denied areas. Examine IoT security analysis methods through chip-off extraction techniques demonstrated on Chinese voting machine prototypes, including the use of 4G connectivity, Bluetooth, and WiFi for forensic analysis. Master the identification and mitigation of North Korean IT worker fraud within corporate networks by detecting piKVM switches, analyzing suspicious device connections, and recognizing patterns such as multiple user devices connecting to single workstations and timecard updates occurring in foreign time zones. Understand how to correlate digital forensics evidence across multiple companies to track fraudulent workers, including the use of VPN detection, Windows event code searches in Splunk, and geographic location spoofing identification techniques.
