Alexandru acts as a team lead for a team of security analysts within SecureWorks’ Security Center of Excellence – Romania. He has a BSc in Computer Science and more than ten years of experience in IT, five of which he spent as an IT specialist for the Romanian Intelligence Service. His vast experience, analytical thinking and proactivity helped him in his endeavors at SecureWorks, quickly climbing, in just two years of activity, through the hierarchical ladder, from a security analyst position to a technical leadership position within the company. During his engagement at SecureWorks, he contributed to the development of the Incident Response and Vulnerability Management plans for the client he is protecting, while always keeping a keen eye for security enhancements opportunities. In his spare time, he enjoys reading specific interwar or intelligence related history books, he enjoys playing football – the real one, not the American variety as well as computer games. Mountain climbing is also one of his big passions. Although he is not really a fishing fan, he really enjoys dealing with the cybersecurity counterpart, as he always does his best in getting the most out of these specific attacks.

Sharper than a Phisher’s Hook – The Story of an Email Autopsy

Some say that up to 70% of compromises to enterprise infrastructures start with a malicious mail. While state-of-the art systems will filter a lot of the commodity stuff, the real nasties will bypass these tools more often than not. Not to mention legitimate, compromised accounts that are used for nefarious purposes, making detection all the more difficult. Therefore, arming yourselves with the knowledge and the tools (most of them free / open source) to perform in-depth investigations on suspicious emails should be a priority for any Enterprise SOC.
During this presentation, the hosts will highlight some of the methods our InfoSec analysts are using to extract artifacts from a suspicious e-mail leveraging not too many open-source tools and mostly… manual analysis. Because well… that’s the best way to do it, isn’t it?
What you are about to see is a workflow stemming from the expertise in the Security Center of Excellence that SecureWorks has in Bucharest. The exposure that our teams have every day to the never-ending barrage of suspicious emails means that we needed to develop effective ways to triage, analyze, contain and neutralize thousands and thousands of messages daily.
By attending this presentation, you will have a rare opportunity to catch glimpse of what’s happening behind the scenes of probably the largest and most diverse Information Security Center in Central and Eastern Europe.
Presentation’s Co-Presenter is Ionut Marin, Information Security Sr. Analyst at SecureWorks.