BSidesDFW 2024 Track 1 Session 3 - 02 Nov 2024
I Knew You Were Trouble
This presentation unfolds a narrative of how a single OSINT pivot, a SHA-1 hash of a TLS certificate, unraveled a network of Lockbit Cobalt Strike servers. Beginning with an unexpected discovery during research on Blackcat ransomware investigation, the talk will highlight how a single pivot led to the identification of 44 related IP addresses and the nexus of domains managed by a single entity—shedding light on operational patterns, missteps, and mishaps.
@jbeley
Jeff has nearly 30 years of cybersecurity experience working with Fortune 500 organizations. He has led some of the largest nation state investigations - to include cyber espionage, critical national infrastructure, and cyber criminal ransomware cases and is currently a Senior Manager and Global lead investigator with Accenture Security's customer facing incident response team, working with Accenture's largest clients, to investigate and remediate latent and persistent cybersecurity threats. Jeff oversees teams of investigators and threat hunters, leading nation state cyber espionage investigations, threat actor eradication, and destructive ransomware response and recovery efforts.
*Jeff's current role entails making artisan Taylor Swift GIFs, chatting with various AI models and consulting law enforcement on breaches of national importance and his team's work has led to a number of convictions of threat actors at the behest of some Accenture's largest clients. Jeff's incident response themed cocktail recipes are legendary pain relievers.*