Cosmin Anghel

Incident Manager at UTI-CERT

Cosmin Anghel is a infosec professional with 6 years experience in cyber security field, currently leading the CERT Services Departament within UTI CERT the first private CSIRT in Romania founded by certSIGN SA.
Previously to that, he held the position of Incident Manager and was responsible for managing the incident response activities before, during and after incidents.

Also, he held for 4 years the position of cyber security expert within National Cyberint Center with responsabilities in identification and investigation of APTs campaigns and cyber-crime ecosystem.

As a professional who is dedicated to the Cyber Security field, Mr. Anghel strives to promote a culture for continual self-improvement. He attends security conferences/training courses and stays abreast of the latest security trends.
The following lists areas of expertise/services in which Mr. Anghel provides:

– Incident Response
– Digital Forensics
– Vulnerability Assessments
– IT Governance/Policy Development

What’s in a name? DNS use for exfiltration, and monitoring for detection

We review several currently in use advanced attack & exfiltration techniques and suggest countermeasures for detection.

We focus particularly on DNS, given that most malware needs it for calling back, but also to exfil the loot.

In a purple teaming approach, we look both from attacker and defender side, with a focus on practical countermeasures for detection and response.

Presentation @DefCamp 2015