The DFIR Report Homecoming Parade Panel
2022-08-13, 13:00–14:00 (US/Pacific), Talks (Virtual)

Follow along as we take the DEF CON Hacker Homecoming theme to the next level with a DFIR Report Homecoming Parade. The panel will provide additional context to various DFIR Reports released in the past year. Pick up some tips and tricks to up your game!


The DFIR Report Homecoming Parade will not discuss normal (BAU) CTI actions, such as searching the logs for hits on the IOCs or entering the IOCs into a Threat Intelligence Platform (TIP) or other alerting platform. Instead, the participants will focus on pivoting, TTPs, and how they would take the contents in the various DFIR Reports to the NEXT LEVEL! When the Panelists respond to the DFIR Reports, they are operating under the assumption that they performed the preliminary analysis and deemed the threat report relevant to their environment. The purpose of this assumption is to decrease the amount of debate on whether or not something is relevant to get to the part of the analysis that involves extracting actionable takeaways.

Cybersecurity Analyst at a Fortune 500. DSc Cybersecurity, MBA IT Management, 8 x GIAC, and SANS Women’s Academy graduate.

Jamie is an adversary emulation engineer for The MITRE Corporation where he works with amazing people on various exciting efforts involving security operations and research, mostly focused on adversary emulation and behavior-based detections. He leads the development of MITRE ATT&CK® for Enterprise and has also led teams that help shape and deliver the “adversary-touch” within MITRE Engenuity ATT&CK Evaluations as well as the Center for Threat-Informed Defense (CTID).

This speaker also appears in:

Kostas is a security researcher with many years of experience in the field. Coming from a technical background in incident response, he specializes in intrusion analysis and threat hunting.

Kostas devotes most of his spare time to supporting the information security community by producing free threat intelligence reports as part of the DFIRReport effort, of which he is a member.

Avid learner, passionate about all things detection, malware, DFIR, and threat hunting.

Justin is currently serving as CTO/Hacker at TrustedSec and possess a background in red teaming, pentesting, and offensive research.

Nicklas works as a Threat Research Analyst at the company Truesec, based in Stockholm/Sweden. Here he splits his time picking apart malware from threat actors and as a subject matter expert in Industrial Control System. Also a analyst contributor to The DFIR Report.