Chasing a red team from the dressing room into the cloud

BSides Dallas/Fort Worth | 37:30 | 101 views | Published 2020-11
About this talk
Discord - https://bit.ly/BSidesDFWDiscord
Twitter - http://bit.ly/tfornez

Like clothing, cloud security assessments come in all shapes and sizes but they don’t often start in a men’s dressing room. In this talk we’re going to take the perspective of a blue teamer as they track a real red team assessment from the physical compromise of a retail store, through the traditional enterprise and eventually into an enterprise AWS cloud. Along the way I am going to share the lessons we learned from a detection and response perspective and share some of the core competencies that we have found to be the groundwork for a great purple team engagement.

This talk is for anyone who:

1. Wants to learn more about incident response in the cloud vs. the enterprise
2. Wants to learn what an advanced adversary does in the cloud
3. Is looking for ideas/considerations for when they schedule their next red/purple team engagement
4. Is broadly curious about AWS from a security perspective

Tyler Fornes is a Principal Detection and Response Analyst at Expel. In this role, he's responsible for leading Expel's Global Response Team in performing incident response for both Expel's enterprise and cloud offerings. Prior to Expel, Tyler worked at FireEye after receiving an M.S. in Computing Security at the Rochester Institute of Technology.