Ionut is a Senior Security Analyst in the Security Center of Excellence of SecureWorks and in his daily routine he is responsible for investigating high alerts, determining the source of the threat, the extent to which company assets have been compromised, making recommendations for remediation, and assisting in the implementation for one of SecureWorks’ largest clients. Previously he provided advanced technical support to enterprise organizations in the EMEA region for Office 365 cloud clients, working as a support engineer for one of Microsoft’s customer support partners. Besides troubleshooting configuration issues he was also assisting IT administrators in their mission to improve the overall security posture of an organization’s email system and lessen the chances of being hacked or suffering from a data breach. He also enjoys working across different fields including networking, system administration, virtualization and data analysis.

Sharper than a Phisher’s Hook – The Story of an Email Autopsy

Some say that up to 70% of compromises to enterprise infrastructures start with a malicious mail. While state-of-the art systems will filter a lot of the commodity stuff, the real nasties will bypass these tools more often than not. Not to mention legitimate, compromised accounts that are used for nefarious purposes, making detection all the more difficult. Therefore, arming yourselves with the knowledge and the tools (most of them free / open source) to perform in-depth investigations on suspicious emails should be a priority for any Enterprise SOC.
During this presentation, the hosts will highlight some of the methods our InfoSec analysts are using to extract artifacts from a suspicious e-mail leveraging not too many open-source tools and mostly… manual analysis. Because well… that’s the best way to do it, isn’t it?
What you are about to see is a workflow stemming from the expertise in the Security Center of Excellence that SecureWorks has in Bucharest. The exposure that our teams have every day to the never-ending barrage of suspicious emails means that we needed to develop effective ways to triage, analyze, contain and neutralize thousands and thousands of messages daily.
By attending this presentation, you will have a rare opportunity to catch glimpse of what’s happening behind the scenes of probably the largest and most diverse Information Security Center in Central and Eastern Europe.
Presentation’s Co-Presenter is Alexandru Musat, InfoSec Team Lead at SecureWorks .