Matt Weikert

R1Z: From Broker to Busted

Dive into the world of access brokers, where cybercrime and law enforcement collide. This talk explores the investigation and takedown of “r1z,” a prominent figure in underground markets. We trace r1z’s ascent as a key player, specializing in selling exploits and tools designed to compromise corporate defenses. Delve into r1z’s collaborations with exploit developers and see how their services evolved from selling network access to creating and distributing tools that bypass EDR solutions. Witness the strategic maneuvers and meticulous investigations that led to r1z’s downfall, achieved through coordinated efforts among various partners.


Matt Weikert is a Senior Manager on SentinelOne’s DFIR team, where he engages in digital forensics and incident response engagements for global clients. Matt has been working in DFIR for 9+ years and has led post-breach incident response and digital forensic investigations involving ransomware, cybercrime gangs, business email compromise, commodity malware, insider threats, and nation-state/APT-level threat actors. His career background includes cybersecurity operations and investigations for several clients over various verticals. Matt spent time working as an incident responder, forensic analyst, and IT administrator across several industries including healthcare, and both state and federal government. Matt also has the privilege of serving as a SME with the SANS Institute, where he helps students navigate various topics from OnDemand courses and audits course material to bring world-class cybersecurity training to organizations across the globe. Mr. Weikert holds the following certifications: GCIH, GCFA, GNFA, GREM, GASF, GRID, and GPEN.
