Teodor Cimpoesu

Technical Director, CERTSIGN

Teodor Cimpoesu is a seasoned information security professional, with a background in management and marketing as well. Since mid-2014 he has been a valuable member of the certSIGN team, and he now holds the position of Technical Director with CERTSIGN, a UTI Grup company, leading the technical aspects of the business unit that delivers cyber security services on an MSSP model, along with complex InfoSec projects and formal training. Besides business tasks, he was also involved in local R&D projects and is occasionally involved in complex investigations of advanced threats and malware. On the technical side, Teodor has more than 10 years of experience in software development and management, from requirements definition, architecture and design to project management and implementation with agile methodologies. His current professional interests are in advanced cyber defense/offence methods, threat intelligence and correlation, data mining and machine learning, business intelligence and analytics.

What’s in a name? DNS use for exfiltration, and monitoring for detection

We review several advanced attack and exfiltration techniques currently in use and suggest countermeasures for detection.

We focus particularly on DNS, given that most malware needs it not only for calling back but also to exfil the loot.

In a purple teaming approach, we look from both the attacker and the defender side, with a focus on practical countermeasures for detection and response.

Presentation @DefCamp 2015