Clippy left some traces

Christiaan Beek (McAfee)
live only
19:30 UTC on Day 3
FRIDAY 02 OCTOBER
Mostly when we as threat analysts are investigating Office files, we look at some metadata, extract the macro code, extract strings etc. for IOCs, and we continue. During a recent large investigation, we started to take a deeper dive into the OOXML standard on which docx and xlsx files, for example, are built. Diving into the specifics and applying them to the investigated campaign revealed a lot of new insights and correlation points that threat analysts don't want to miss and can use to broaden their research capabilities.
Christiaan Beek
McAfee
Christiaan Beek, Lead Scientist & Sr. Principal Engineer, is part of McAfee’s Office of the CTO, leading strategic threat intelligence research within McAfee. He passionately coordinates and leads the research in advanced attacks, plays a key role in cyberattack take-down operations, and participates in the NoMoreRansom project. In previous roles, Beek was Director of Threat Intelligence in McAfee Labs and Director of Incident Response and Forensics at Foundstone, McAfee’s forensic services arm. At Foundstone, he led a team of forensic specialists in Europe, the Middle East and Africa during major breaches. Beek develops threat intelligence strategy, designs threat intelligence systems, performs malware and forensic analysis and pentesting, and coaches security teams around the globe. He is a passionate cybercrime specialist who has developed training courses, workshops and presentations. He speaks regularly at conferences, including BlackHat, RSA, BlueHat and Botconf. Besides conferences, he also frequently teaches at universities, police academies and public schools to recruit, mentor and train the next generation of cybersecurity specialists. Beek contributed to the best-selling security book Hacking Exposed and holds several patents.
19:30 - 20:00 UTC Fri 2 Oct 2020