Speaker

Evgen Blohm

Incident Response @ InfoGuard AG

Hamburg, Germany

Evgen Blohm is an experienced DFIR expert who has been involved in responding to a large number of cyber incidents. He is based in Hamburg, Germany and is currently working for InfoGuard AG, where he is also supporting customers with compromise assessments and dark web monitoring.

Area of Expertise

  • Information & Communications Technology

Topics

  • digital forensics
  • Incident Response
  • cybersecurity
  • Malware

Sessions

Extortion without Ransomware - Interesting Insights into the Approach of the Threat Actor "BianLian" de

This talk gives insights into the results of the forensic analysis of a BianLian incident. TTPs and IOCs are presented, along with an overview of this group's infrastructure.

Worst Case Cyberattack – Recognise the extent quickly and efficiently en

This webinar introduces and compares various technologies for detecting cyber attacks efficiently. We also take a look at the dark web to identify initial access brokers at an early stage to prevent a potential cyber attack.

Living on the Edge – Evicting threat actors from perimeter appliances en

This presentation will showcase highlights from our past forensic investigations into different compromised edge devices (primarily network equipment), manufactured by Cisco, Fortinet, Citrix and Ivanti. Analyzing these appliances is not as straightforward as on normal endpoints and sometimes requires a bit of creativity. I will include information on the utilized exploits, the targets and motivation of the nation-state or cybercriminal perpetrators and practical tips to investigate and protect these appliances.

Initial Access Techniques - From Past to Present en

The ways and techniques to obtain initial access have changed over time as security measures and tools have improved and made some ways more difficult or even impossible. While most are familiar with traditional phishing emails and have visited countless security awareness lessons to identify such, do they know what click-fix is or why not to download arbitrary browser extensions? Also, some of these techniques target macOS users, which is especially interesting as many companies do not protect their Mac devices properly and still believe "We use MacOS, we are safe".
This talk aims to highlight past initial access techniques and why they are not used anymore. Based on this knowledge, I'll show new and creative ways threat actors use today to establish initial access, which is then abused directly by ransomware groups or sold on the dark web.

"All your files are belong to us!" - Investigating BianLian Extortion-Group Intrusion en

Earlier this year we responded to an Intrusion attributed to the BianLian Data Exfiltration & Extortion Group. We will give a rundown of our findings and BianLian TTPs. It will also contain highlights from our Threat Intelligence investigation, e.g. the TA’s switch from Ransomware to Exfiltration-only and their infrastructure.

Bsides Dresden

Initial Access Techniques - From Past to Present

December 2025 Dresden, Germany

Bsides Frankfurt

Living on the Edge – Evicting threat actors from perimeter appliances

August 2025 Frankfurt am Main, Germany

Bsides Frankfurt

"All your files are belong to us!" - Investigating BianLian Extortion-Group Intrusion

September 2023 Frankfurt am Main, Germany
