Turning to the dark side – Utilizing offensive techniques in incident response
2024-12-14, Rookie track 2

As incident responders in the insurance space, we often respond to incidents where critical evidence is no longer available for analysis. This presentation will demonstrate how incident responders can use offensive security techniques to determine likely root causes and inform effective containment strategies.


As incident responders in the insurance space, we often respond to incidents where critical evidence is no longer available for analysis, whether due to hardware failure, complete encryption or eager recovery efforts. When that happens, our incident responders take a step back and use offensive techniques to determine the most likely method of entry. This presentation will demonstrate a few of the techniques we have used, including:

Open source intelligence: Identifying network information from open source intelligence.

Leaked data: Identifying victim data such as leaked usernames and passwords from data leaks.

Active Directory attacks: Identifying common weaknesses in Active Directory configuration and performing attacks against Active Directory accounts and services to identify weak links.


Cyber Incident Response Analyst Archie Essien is a dynamic and skilled cyber security specialist. In his role at Solis, he focuses on investigating email compromises and ransomware attacks. With more than five years’ experience in the sector, Archie has a talent for understanding how cyber incidents occur and devising effective responses to mitigate their impact.

Archie’s enthusiasm for cyber security first took hold while he was studying for a degree in Computer Networks and happened to take a module on the topic. This new interest encouraged him to take a job in IT support with SS&C Technologies, where he gained valuable experience managing IT infrastructure and resolving technical issues.

Since joining Solis’ sister company CFC in 2021, Archie has focused on cyber incident response, earning respect for his thorough investigations and his ability to stay current with emerging cyber threats. His work primarily involves resolving complex cyber incidents and talking clients through what are often highly stressful situations, transforming initial anxiety into reassurance.

Archie brings an infectious energy and enthusiasm to every project he works on. Motivated by a longstanding passion for helping others, he works closely with clients - and with colleagues in Solis and CFC - providing crucial insights that help shape strategy and decision-making.

With his outstanding technical acumen and keen eye for detail, Archie plays a key role helping Solis clients recover from cyber incidents and build resilience against future threats.