Hi [[ session.user.profile.firstName ]]

Hunting Hackers in the Carding Underground

The rise in e-commerce data breaches over the past year raises important questions: Why is cardholder data such a big target, how do the bad guys get in and why are we seemingly powerless to stop them?

This session will examine the black market for card data, the three most common attack vectors, and the wrong way to encrypt databases.

You will see real-world examples of malware discovered during investigations and gain insights into the skill sets of each attacker.
Recorded Jul 30 2015 53 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Grayson Lenik, Director of Digital Forensics and Incident Response at Nuix
Presentation preview: Hunting Hackers in the Carding Underground

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Your IT Department Purchased Office 365 - How Do You Transfer Data? Jun 28 2018 6:00 pm UTC 60 mins
    Mo Ramsey and Alex Chatzistamatis
    Has your IT department recently purchased Office 365? Is your team thinking about adopting the new technology? Discover what data you should move to Office 365 and why it matters to you in this interactive, free webinar in Lighthouse’s Office 365 series.

    Mo Ramsey, General Manager of Global Advisory Services at Lighthouse, and Alex Chatzistamatis, Principal Solutions Consultant at Nuix will cover diverse ways for you to move data and remediate risk, as well as key considerations to take when making the move. They will also dive into how the Nuix Engine may be used during this cumbersome process, its many capabilities, and key benefits.

    The team will wrap up the webinar with a short Q&A session that will allow you to further engage and ask any remaining questions that you and your team may have. Do not miss this free opportunity to learn practical tips and tricks from industry experts.
  • GDPR is here – What’s next for organisations? Jun 25 2018 2:00 pm UTC 60 mins
    Brian Tuemmler, Information Governance Program Architect & Jack McMillian, Technical Project Manager
    After months, and years, of talking about it, the 25th May 2018 has come and gone meaning the EU General Data Protection Regulation (GDPR) is now in force. But what does that mean for organisations around the world? They are now faced with having to adjust their business practices to ensure compliance to the legislation given to data subjects – yet in seems that no one is ready or many have underestimated the extent of the organisational changes that lies ahead. We have already seen many news websites be taken offline for European audiences under the GDPR rules and the big player of Facebook and Google already accused of breaching the framework. It is only a matter of time before EU data subjects begin to fully exercise their rights, such as Subject Access Requests (SAR). How could you cope with the pressure of responding to these requests?
    There Is a silver lining. In this webinar, we review some practical steps that your business can take to address GDPR concerns, specifically when dealing with data subject requests.

    Key takeaways:
    •Explore practical steps that businesses can take to address their GDPR data requirements.
    •Discuss the ability to act post-GDPR, where it is never too late to begin building your infrastructure
    •Outline ways to improve costs and man power to address business GDPR issues, such as responding and producing subject access requests.
  • The Black Report Recorded: May 23 2018 44 mins
    Chris Pogue, Head of Services, Security and Partner Integration
    The second edition of The Nuix Black Report has been released including new insights and information on the source of the threat, the attackers and penetration testers themselves. Join Chris Pogue, Head of Services, Security and Partner Integration, discuss the true nexus between attacker methodology and defensive posture in this live webinar.

    You will gain a deeper understanding of the nexus between attacker methodology and defensive posture, including

    1. Which security programs and countermeasures will improve your security posture? They’re not the ones you think
    2. What’s the best spend for your security dollar and why?
    3. If hackers could speak to your organization’s leaders, what would they say?
  • GDPR - Let’s talk legal, the implications of GDPR and your data Recorded: May 22 2018 37 mins
    Nick Pollard, Head of Region, Southern & Eastern Europe, Emerging Markets at Nuix and Gareth Atkinson, StartRiskLab
    Organisations are still worried that they may still be open to GDPR legal issues and legal interpretation. Join our speakers Nick Pollard, Nuix and Gareth Atkinson, StartRiskLab who will explore where you should be right now with your GDPR preparations.

    In this webinar, you will learn:

    1. How to cross-reference your preparations
    2. Understand the legal position on various GDPR schedules
  • Reducing Breach Costs with Early Detection and Rapid Response Recorded: Apr 25 2018 28 mins
    Harlan Carvey Director of Intelligence Integration, at Nuix
    It takes minutes to get inside. Days to exfiltrate. Detection can take weeks, maybe months. The impact is huge: lost revenue, increased costs, and damage to your organization’s brand.

    You can’t completely stop breaches from happening, but you can remediate the direct and indirect costs they can have on your organization. By taking a proactive stance, you can properly plan and budget for the costs associated with a breach. Through early detection and rapid response, you can obviate the need to notify affected customers and reduce the costs associated with notification.

    This webinar will cover:
    • How a “data breach” is defined, legislated, and how they occur
    • Direct and indirect costs facing organizations that are breached
    • Differences between “left of breach” (proactive approach) and “right of breach” (reactive approach) by exploring real-world examples
    • How early detection and rapid response can drive down the cost of a breach.

    About the presenters:

    Harlan Carvey, Director of Intelligence Integration
    Harlan began his career in information security 28 years ago. After serving on active duty with the United States military, he transitioned to planning, coordinating, and executing vulnerability assessments. He then went on to digital forensics and incident response, which in turn led to targeted threat hunting and response.
  • Closing the Window on Fraud and Financial Crime Recorded: Mar 14 2018 42 mins
    Keith Lowry, SVP & Peter Evans, Sr. Information Security Consultant, Nuix
    Everyone’s been compromised. Financial services companies should just assume that’s the case. Yet, many companies still don’t have effective programs or inter-departmental policies and procedures in place. They measure the time it takes to identify a breach in months, sometimes years, and fraudulent transactions often go uncaught.

    However, there is hope. We will examine three distinct cases of financial fraud and, using investigations, eDiscovery, and cybersecurity tools in new ways, demonstrate how you can minimize your risk and limit the damage done to your organization.

    Attendees to this webinar will learn:

    • The differences, and similarities, between three distinct types of financial fraud using real-world examples
    • The business challenges that arise from not detecting or reacting to fraud and security incidents
    • How inter-departmental boundaries prohibit effective response
    • How to expand their use of traditional forensic, eDiscovery, and cybersecurity tools to shorten the time criminals have to operate.


    Keith has more than 25 years of experience implementing, managing, and directing insider threat, counterintelligence, and intelligence collection programs. He is a former law enforcement officer and High-Technology Crime Unit detective with the City of San Jose California and a United States Navy Mobilized Reservist. He also served as Chief of Staff to the Deputy Under Secretary of Defense for Human intelligence, Counterintelligence and Security at the Pentagon.

    Peter is a Senior Information Security Consultant at Nuix. He has more than ten years’ experience in federal law enforcement and another ten years’ experience as an Information technologies and radio frequency engineer. While working in law enforcement, Peter was detailed to the Electronic Crimes Task Force and was the lead forensic investigator on many computer crimes, network intrusions, and wireless exploitation cases.
  • Corporate Espionage Recorded: Feb 15 2018 43 mins
    David Smith, CISO, Nuix and Nick Pollard, Nuix
    For as long as there has been commerce, there has been espionage. Although the medium for the theft of data may be as prosaic as a USB device, the impact of the loss of sensitive information can be financially devastating for the victim. In contrast, the intrinsic value of the information stolen may be completely disproportionate to the reputational damage caused if the outside world perceives that the organisation concerned failed to take adequate steps to prevent such leaks.

    Espionage takes many forms and can range from a simple swipe of client data by a departing employee through to a sophisticated data grab of business critical documents.
  • Theory to Practice: Insider Threat Lessons from Waymo vs. Uber Recorded: Jan 25 2018 51 mins
    Stephen Stewart & Keith Lowry
    Well-placed insiders, covert meetings, secret world-changing technology, and huge sums of money changing hands—sounds like the latest spy novel, right? But it’s not; this is a true story, where data is the main character in the Waymo vs Uber case.

    Data is an organization's most valuable asset. Just ask your most determined adversary, keen on stealing your intellectual property for financial gain. Do you have the right strategy in place to protect your critical value assets?

    If that plan doesn’t include a system and process that gives you 360-degree visibility into users’ behavior, and links those behaviors with network data, emails, texts, digital, social media, and mobile forensic artifacts, you aren’t as protected as you think. The Waymo vs Uber case offers us a valuable, real-world situation to learn from and guide our own practices.

    Join our CTO, Stephen Stewart, and SVP and former naval intelligence officer Keith Lowry, to learn how organizations are combining traditional investigations, eDiscovery, and cybersecurity tactics to defend their organizations from insider threats.

    We'll cover:

    The latest twists and turns of the Waymo vs Uber case
    How you can apply counterintelligence techniques to combat industrial espionage
    How organizations can gain a 360-degree investigative view of their environment, and be ready for their next digital threat.
  • Augmenting Human Intelligence Recorded: Jan 17 2018 53 mins
    Stuart Clarke and Nick Sharples
    Automation technology has been advancing at a rapid pace in recent years. Developments in the fields of artificial intelligence and machine learning have enabled organisations to handle, process and interrogate masses of data that would have been impossible not so long ago.

    In this webinar, we will review cases involving financial crime and explore the right mixture of machine and human resources when responding to cyber-related incidents.

    Key takeaways:
    - Explore how machine learning and artificial intelligence are vital for the future of cybersecurity and intelligence driven investigations
    - Understand how to make use of machine learning within Nuix to reduce noise and identify artefacts relevant to your investigation
    - Explore how Nuix Analytics & Intelligence uses traditional graph search to focus on important relationships that will deliver insights in complex cases
    - Understand the divide between the investigation of activity by a human investigator and the insights into that activity brought by automated analysis
  • Left and Right of Breach Recorded: Oct 4 2017 58 mins
    Stuart Clarke & Nick Pollard
    Historically the initial focus of cybersecurity is to detect adversary activity after it has happened (right of breach). At this point the perimeter has already been breached and the attackers are in a position to exfiltrate data. While this is effective from an investigative perspective, we are not best equipped for the modern threats facing our organisations. In this webinar we will discuss the need to make a paradigm shift to get ahead of a breach (left of breach) and towards a state of prevention.

    1. Understand the impact of being right of breach.
    2. Explore how endpoint technology and behavioral analysis can move us towards being left of breach.
    3. Learn how being left of breach can enable better visibility more effective use of intelligence
  • Hyperscale Your Investigations and Intelligence Capabilities Recorded: Sep 14 2017 61 mins
    Paul Slater & Mark McCluskie
    How do you future-proof your investigative lab capabilities to handle the expanding complexity and volumes of digital evidence involved in cases today?

    During this session you will hear some ideas and concepts to help tackle this ever growing problem and how intelligent, defensible workflows enable investigators to work together at a national level, giving them one view over multiple jurisdictions and multi-terabyte case files.

    Learn how to:
    1. Automatically identify and link key artifacts and intelligence items such as named entities and digitally fingerprinted material across multiple evidence sources and historical cases
    2. Set up collaborative investigations involving hundreds of investigators, officers and analysts, who can all work together on cases no matter where they are located
    3. Prioritize and distribute key data to users of differing skill levels to maximize skill sets and resources.
  • Train as You Fight: The Value of Threat Simulations vs. Pen Testing Recorded: Apr 12 2016 59 mins
    Ryan Linn, Director of Advanced Tactics and Countermeasures
    Tools and policy frameworks are only as good as the people who implement and support them. Automated mechanisms can only go so far before they rely on human intelligence to drive the appropriate reaction. The controls required by security frameworks and the data they generate, however, are overwhelming, and finding the right security talent can feel impossible.

    Organizations often choose to prioritize the implementation of their security program components on the basis of risk. By identifying potential impacts and attack vectors, it’s easier to identify the controls that produce the biggest return on investment. Training your staff to understand what they see when they see it, and how to respond proactively, will help you build a security organization that is resilient in the face of evolving threats and identify any controls gaps you have while you execute your security roadmap.
    This webinar will talk about how organizations can evolve beyond the compliance checklist and overwhelming scanner results by employing threat simulations. We will discuss how threat simulations differ from penetration testing, how they can be used to help make your organization stronger, and how they can replace traditional penetration testing as part of a security program.

    We will focus on a discussion of attack chains, mapping methodologies to real world threats, and then look at a sample attack to see how a nominally compliant system can still be compromised.
  • Lessons Not Learned: Cybersecurity's Habitual Mistakes Recorded: Mar 23 2016 59 mins
    Grayson Lenik, Nuix; Dan Haagman, NotSoSecure; Gregory J. Bautista, Wilson Elser LLP; Scott Sarafian, US Secret Service
    Since data breaches have increasingly become more commonplace, it seems reasonable that the lessons learned from each incident would find their way into the defensive strategies of non-impacted organizations the world over. The truth is, while a large portion of this information is publically available, organizations are still suffering from the same poor IT hygiene that has plagued the industry for years. Why is that the case?

    Join Moderator Chris Pogue, SVP, Nuix Cyber Threat Analysis Team, and a panel of security experts from Nuix, Kroll, Wilson Elser, and the United States Secret Service as they discuss their observations from the thousands of breaches they have collectively investigated or litigated, and try to identify the elusive answer to the seemingly simple question, “Why are we not learning our lesson?”.
  • Fighting Cyberespionage: Protecting Enterprise from the Enemy Outside & Within Recorded: Dec 17 2015 59 mins
    Keith Lowry, Nuix SVP Threat Intelligence; Chris Pogue, Nuix SVP CyberThreat Analysis; Amie Taal, Cybersecurity Expert
    The protection of your organization's trade secrets, collected PII data, and confidential matters are your top priority. The same is an attractive asset for thousands of hackers around the world looking to profit or gain a competitive advantage that could damage the integrity and success of your organization’s objectives.

    In this webinar, join three seasoned cybersecurity experts as they present the trends in cyberespionage and discuss:

    • What makes organizations vulnerable to cyberespionage
    • Why cyberespionage activity can vary across industries based on hacking drivers
    • How a combined security approach that focuses not just on external threat actors but also privileged insiders can help identify spying activity in the enterprise
  • Early Case Assessment is Elementary, Dear Watson Recorded: Oct 26 2015 55 mins
    Michael Lappin- Nuix and George J. Socha, Jr., Esq, Socha Consulting LLC
    Corporate data volumes are exploding exponentially, but legal budgets and court imposed deadlines are not keeping pace. It doesn't take Sherlock Holmes to recognize that reducing your time to knowledge can yield big dividends in cost containment and risk mitigation.

    We can help you to see the bigger picture and better prepare for strategic project management, meaningful discovery negotiations, and informed proportionality arguments.

    Our webinar will show you how you can use common investigative techniques to:

    - Perform timeline and gap analysis
    - Identify anomalies and trends
    - Reduce the noise quickly and efficiently
    - Find connections.
  • Breaking Cybercrime: Real-Life Case Studies from Today’s Top Security Experts Recorded: Oct 20 2015 51 mins
    Chris Pogue, Erik Rasmussen, Alex Major & Eduardo E. Cabrera
    Our panel of security experts will cover the steps needed to appropriately respond to a data breach including how to:

    - Engage with law enforcement (FBI and Secret Service)
    - Work with general counsel on notifications steps, corporate communications, and preparation for post breach litigation
    - Act on your Incident Response plan quickly and effectively
    - Communicate the actions being taken to internal stakeholders including executive staff, and the board of directors
    - Improve risk management by implementing lessons learned
    - Improve your cyber resiliency through a realistic breach preparedness program.

    Your featured speakers include:
    - Chris Pogue - Senior Vice President, Cyber Threat Analysis, Nuix
    - Erik Rasmussen - Director of Cyber Intelligence and Investigations for Global Payment Systems Risk, Visa Inc
    - Alexander W. Major - Associate in the Government Contracts, Investigations & International Trade Practice Group, Sheppard Mullin Richter & Hampton LLP
    - Eduardo E. Cabrera - Vice President Cybersecurity Strategy, Trend Micro
  • Protecting Critical Value Data From the Inside Recorded: Sep 16 2015 51 mins
    Keith Lowry, Nuix, Stan Gallo, KPMG & Nigel Phair, Centre for Internet Safety
    More than one-third of all cybercrime incidents and security breaches are caused by insiders. Insiders have many motivations, including financial, political or emotional. But no matter the reason, insiders inappropriately access an organisation’s critical value data.

    Join Keith Lowry, Senior Vice President of the Business Threat Intelligence and Analysis Team at Nuix and Stan Gallo, Director and National Leader of Forensic Technology at KPMG, as they cover:

    - The definition of an insider threat
    - What organisations are doing wrong in their approach to managing insider threats
    - How to design and implement an insider threat program.
  • Hunting Hackers in the Carding Underground Recorded: Jul 30 2015 53 mins
    Grayson Lenik, Director of Digital Forensics and Incident Response at Nuix
    The rise in e-commerce data breaches over the past year raises important questions: Why is cardholder data such a big target, how do the bad guys get in and why are we seemingly powerless to stop them?

    This session will examine the black market for card data, the three most common attack vectors, and the wrong way to encrypt databases.

    You will see real-world examples of malware discovered during investigations and gain insights into the skill sets of each attacker.
Nuix is a cybersecurity, risk and compliance software company
Nuix (www.nuix.com) understands the DNA of data at enormous scale. Our software pinpoints the critical information organisations need to anticipate, detect and act on cybersecurity, risk and compliance threats

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Hunting Hackers in the Carding Underground
  • Live at: Jul 30 2015 5:00 pm
  • Presented by: Grayson Lenik, Director of Digital Forensics and Incident Response at Nuix
  • From:
Your email has been sent.
or close