
Adelia Ibragimova
Detection & Response | Cloud IR | AWS / GCP / Azure
Fairfax, Virginia, United States
Adelia Ibragimova is a security engineer with a focus on cloud-native detection, incident response, and SOC automation. With hands-on experience at EPAM Systems and Amazon, Adelia designs and operates scalable detection platforms across AWS, GCP, and Azure. Adelia's background includes real-time incident handling and the use of open-source tools to drive investigation and response in production environments.
Hunting with Context: Automating OSINT Enrichment & Detection-as-Code in Microsoft Sentinel
This talk explores how to integrate OSINT and detection-as-code to shift from reactive alerting to proactive hunting. We demonstrate a live pipeline that automatically ingests IOCs from paste sites, GitHub, and threat feeds, enriches them via passive DNS/TLS, geo, and WHOIS data, and deploys context-rich KQL detection rules in Microsoft Sentinel using infrastructure-as-code.
We’ll show how to:
- Collect and enrich threat indicators with minimal manual effort
- Use GPT-based models to generate KQL detection rules from threat reports and IOCs
- Automate rule deployment to Sentinel via GitHub Actions or Azure DevOps
- Correlate OSINT to real-time telemetry for threat hunting
Attendees will walk away with actionable tooling and design patterns to enhance SOC workflows using open-source, AI-powered, and cloud-native technology.
Hunting Cryptojackers in the Multicloud: AWS, Azure, and GCP
In this live incident response simulation, the audience will be randomly divided into three teams, each representing a cloud environment: AWS, Azure, or GCP. Each team receives a curated breach scenario reconstructed from anonymized real-world cryptomining activity. Datasets include IAM traces, billing anomalies, container workload artifacts, and intentionally misleading signals to simulate realistic investigation challenges.
The objective: be the first team to correctly identify the cloud resource — an EC2 instance, GKE pod, or AKS container group — responsible for unauthorized cryptocurrency mining.
No vendor tooling, no product demo — just a hands-on exercise focused on attacker behavior in cloud-native environments.
This session is a practical, time-limited investigation focused on identifying differences in visibility, telemetry, and detection across AWS, Azure, and GCP. Each team works with real-world logs, connects observed behaviors, and supports their findings with evidence.
