BSidesVienna 0x7EA

Jonas Plitt

Jonas has been working in cybersecurity for more than 15 years, specializing in incident response and the defense against advanced persistent threats. His experience spans firewall security, endpoint security, and digital forensics, with a strong focus on supporting organizations during critical security incidents. In his work, Jonas helps customers investigate complex intrusions, contain active threats, and turn technical findings into actionable decisions for crisis management. He regularly works at the intersection of technical analysis, organizational response, external advisors, and law enforcement. He is particularly interested in identifying and disrupting APT actors by combining forensic evidence, endpoint and network telemetry, and threat intelligence to understand attacker behavior and improve defensive strategies.

Sessions

06-27
17:10
60min
Zero Files, Zero Noise: Checkmate in Three.
Jonas Plitt

In this talk, we walk through a real intrusion observed in an EDR-monitored enterprise environment. The case did not start with a major incident or a flood of alerts. It began with two ambiguous notifications in the Defender portal that the customer could not immediately classify. What looked like a minor signal turned into a live hunt: an operator attempting fileless execution, interacting with endpoint controls, trying to disable or bypass defenses, and carefully pivoting through the network.

Mittlerer Saal (Track 1 - 260 pax)