Evgen Blohm
Incident Response @ InfoGuard AG
Hamburg, Germany
Evgen Blohm is an experienced DFIR expert who has been involved in responding to a large number of cyber incidents. He is based in Hamburg, Germany and is currently working for InfoGuard AG, where he is also supporting customers with compromise assessments and dark web monitoring.
Living on the Edge – Evicting threat actors from perimeter appliances
This presentation will showcase highlights from our past forensic investigations into different compromised edge devices (primarily network equipment), manufactured by Cisco, Fortinet, Citrix and Ivanti. Analyzing these appliances is not as straightforward as on normal endpoints and sometimes requires a bit of creativity. I will include information on the utilized exploits, the targets and motivation of the nation-state or cybercriminal perpetrators and practical tips to investigate and protect these appliances.
Worst Case Cyberattack – Recognise the extent quickly and efficiently
This webinar introduces and compares various technologies for detecting cyber attacks efficiently. We also take a look at the dark web to identify initial access brokers at an early stage to prevent a potential cyber attack.
MacOS Investigation Workshop
The goal of this workshop is to equip participants with the essential knowledge and practical skills needed to perform forensic analysis of macOS systems in the context of modern threats.
Although macOS devices still represent a smaller share of enterprise environments compared to Windows, they are increasingly targeted by threat actors. As a result, macOS security and forensic analysis remain less mature and underrepresented in many organizations’ defensive strategies. Recent industry reports — including findings from Red Canary showing a 400% increase in macOS-related threats between 2023 and 2024 — highlight the urgent need for improved visibility and expertise in this area.
This workshop will guide participants through the fundamental steps of conducting macOS forensic investigations, including:
- Creating logical and triage images of macOS devices
- Identifying and interpreting key system artifacts
- Investigating artifacts for evidence of threat actor activity
- Utilizing common forensic tools to support analysis
- Understanding the evolving macOS threat landscape
By the end of this workshop, participants will be able to independently conduct forensic investigations on macOS systems and will receive additional resources to support continued learning and future casework.
"All your files are belong to us!" - Investigating BianLian Extortion-Group Intrusion
Earlier this year we responded to an intrusion attributed to the BianLian Data Exfiltration & Extortion Group. We will give a rundown of our findings and BianLian TTPs. It will also contain highlights from our Threat Intelligence investigation, e.g. the TA’s switch from ransomware to exfiltration-only and their infrastructure.
Initial Access Techniques - From Past to Present
The ways and techniques used to obtain initial access have changed over time as security measures and tools have improved and made some ways more difficult or even impossible. While most are familiar with traditional phishing emails and have visited countless security awareness lessons to identify such, do they know what click-fix is or why not to download arbitrary browser extensions? Also, some of these techniques target macOS users, which is especially interesting as many companies do not protect their Mac devices properly and still believe "We use MacOS, we are safe".
This talk aims to highlight past initial access techniques and why they are not used anymore. Based on this knowledge, I'll show new and creative ways threat actors use today to establish initial access, which is then abused directly by ransomware groups or sold on the dark web.
Security BSidesLjubljana 0x7EA Sessionize Event Upcoming
Bsides Göteborg
MacOS Forensic Workshop
Bsides Dresden
Initial Access Techniques - From Past to Present
Bsides Frankfurt
Living on the Edge – Evicting threat actors from perimeter appliances
Bsides Frankfurt
"All your files are belong to us!" - Investigating BianLian Extortion-Group Intrusion