Greg Lesnewich

Back to the list of Speakers and Sessions

Greg Lesnewich ,

Greg Lesnewich is a Senior Threat Researcher at Proofpoint, focused on identifying, tracking, detecting, and disrupting malicious activity linked to North Korea and Russia. Greg has a background in threat intelligence, incident response, and managed detection, previously working at Recorded Future, Leidos, and NCFTA, with experience in developing methods of tracking espionage and state-sponsored activity. Greg enjoys the topics of weird forensic artifacts, measuring malware similarity, YARA, and infrastructure tracking.

Discussion: Malware Q&A

This is a Q&A session. Moderators will take audience questions both remotely and on-site via

Q&A Discussion for the malware block.

Talk: Will the real attribution please stand up?

Talks will be streamed on YouTube and Twitch for free.

Does attribution of cyber operations actually matter? It depends on who’s asking. Using real world APT examples from threats attributed to Iran, Turkey, North Korea and Russia, we’ll demonstrate what details go into attribution work from the perspective of email security vendor, why attribution can be useful for defenders and how Blue Teams can use it to better inform threat modeling and risk. We'll define attribution, compare the concepts of attribution and Attribution, discuss how softer attribution should be paired with harder, more technical attribution and then close by discussing potential pitfalls we’ve seen with attribution working for the government, private corporations and at a security vendor.