NorthSec 2024

Greg Lesnewich

Greg Lesnewich is a Senior Threat Researcher at Proofpoint, focused on identifying, tracking, detecting, and disrupting malicious activity linked to North Korea and Russia. Greg has a background in threat intelligence, incident response, and managed detection, previously working at Recorded Future, Leidos, and NCFTA, with experience in developing methods of tracking espionage and state-sponsored activity. Greg enjoys the topics of weird forensic artifacts, measuring malware similarity, YARA, and infrastructure tracking.

Sessions

05-16
13:45
30min
Will the real attribution please stand up?
Alexis Dorais-Joncas, Greg Lesnewich

Does attribution of cyber operations actually matter? It depends on who’s asking. Using real-world APT examples from threats attributed to Iran, Turkey, North Korea and Russia, we’ll demonstrate what details go into attribution work from the perspective of an email security vendor, why attribution can be useful for defenders, and how Blue Teams can use it to better inform threat modeling and risk. We'll define attribution, compare the concepts of attribution and Attribution, discuss how softer attribution should be paired with harder, more technical attribution, and then close by discussing potential pitfalls we’ve seen with attribution while working for the government, private corporations and at a security vendor.

Malware
Ville-Marie
05-16
15:15
30min
Malware Q&A
Alexandre Côté, Marc-Etienne M.Léveillé, Alexis Dorais-Joncas, Sergei Frankoff, Greg Lesnewich, Pierre-Marc Bureau

Q&A Discussion for the malware block.

Malware
Ville-Marie