Ryan Thompson is currently working as a Senior Intrusion Researcher at CrowdStrike. His primary functions include conducting post-mortem analysis on hands-on intrusions and researching attacker techniques and trends. Previously, Ryan worked as an Instructor at Elastic, teaching the Air Force, Navy, and Army to conduct threat hunting using open-source tools such as Kibana, Suricata, and Zeek. Before that, he was a Senior Security Analyst at Alert Logic, providing weekly recommendations to clients using packet analysis, IDS alerts, and log-based investigations. He currently holds several SANS certs and is a TA for SANS FOR508 (GCFA).
State-nexus threat actors are often perceived as mythological creatures that can infiltrate a system with a snap of their fingers and operate without a trace. While threat actors should not be underestimated, they work within the same constraints that operating systems place on all users. Through a retrospective look at a PIONEER KITTEN intrusion, attendees will gain insight into how nation-state-nexus actors operate in the wild and how to unearth adversarial tradecraft in their own environments.