Matt Bromiley
Independent Infosec Professional
Matt Bromiley is a principal incident response consultant at a top digital forensics and incident response (DFIR) firm where he assists clients with incident response, digital forensics, and litigation support.

Matt brings his passion for digital forensics to the classroom as a SANS instructor for FOR508: Digital Forensics, Incident Response, and Threat Hunting, and FOR572: Advanced Network Forensics, where he focuses on providing students with implementable tools and concepts.

Outside of work, Matt loves spending time with his family, cooking Texas BBQ, and making his house as automated as possible in hopes that it will one day do work for him.

Purple Packets: Effective Network Defense Against Real-World Attacks
Technical Level (3 being the highest score): 3

There are two sides to every story. Good and bad. Day and night. Host and network. Unfortunately, when it comes to enterprise security, many organizations tend to focus heavily on host-based defenses, and apply “just-enough” monitoring to their network. However, we feel that the network can be one of the best places to not only defend against the attacker, but also observe and understand the capabilities.

Even worse - without proper, impactful network security, you may not be implementing the right adversary defenses. In this talk, we’re going to take a technical lens to the techniques via which advanced adversaries utilize your networks. Whether it’s via intricate protocol abuse, malleable traffic, or combinations of protocols to avoid standard detection, there is much to glean from an observation of network traffic.

To help our audience discover just how impactful proper network defenses can be, we’re going to emulate the top techniques followed by a detailed, technical explanation of each attack. Furthermore, we’ll outline specific steps that would have detected and stopped the malicious traffic. Our goal, by the end of the session, is for our attendees to have a solid understanding of how the attacks work and what they need to do to protect themselves.

Matt and Aaron have combined their expertise to demonstrate real-world scenarios and network forensics.

Watch Aaron describe and perform live attacks a live target, while Matt's defensive infrastructure captures and analyzes the attacks in real-time. Matt will then walk through his defenses, providing details you can use to protect your network.

Presentation slides can be found HERE

Presentation video can be found HERE