Ransomware for Financial Gain

Threat actors continue to leverage ransomware to extort victim organizations. What was once a simple scheme to encrypt target data has expanded to include data disclosure and targeting a victim’s clients or suppliers. Understanding the techniques threat actors use in these attacks is vital to having an effective detection and mitigation strategy.

Campaign Outline

Threat Actor Campaigns are comprised of multiple MITRE ATT&CK aligned courses.

Overview

Phishing is one of the top techniques leveraged in breaches today, and adversaries use it to send malicious attachments to targeted users. PowerShell is a powerful scripting tool that adversaries can exploit to perform reconnaissance and run executables. You will detect these adversary techniques and discover ways to mitigate them.

Overview

Application shimming is a powerful feature that allows for backward compatibility across different versions of Windows OS. Adversaries manipulate this feature to bypass controls. They also search local file systems for files of interest. Get the skills to detect this behavior and prevent adversaries from setting up shop in your organization.

Overview

Kerberos enables secure network communication in Windows environments, while Domain Accounts are a core part of Identity and Access Management. Adversaries can attack both of these and move through an environment largely undetected. Start detecting this covert behavior and begin stopping it in its tracks today.

Overview

Once in your environment, adversaries will try to evade your defenses and may rename their code to look like a legitimate executable. They could also encrypt your data with ransomware. Don't let adversaries hold you over a barrel. Get hands-on and learn to detect and mitigate these techniques today.

Overview

Adversaries want to understand your environment and will use Remote System Discovery to do so. They can also leverage the same Remote Desktop Protocol (RDP) you'd use to access systems remotely, and, with the right credentials, they can move laterally through your environment. Outwit them by detecting and blocking these techniques today.

Overview

Many organizations still don't block unknown outbound ports. This allows adversaries to leverage them for command and control activities. Even if you are blocking these ports, adversaries can run a different protocol over a standard port to avoid detection. Learn how to detect and thwart this command and control behavior to secure your environment.

Overview

Cloud storage is fast, affordable, and widely available. Adversaries, just like we do, take advantage of a tool that works well. It's even better for them when they can use a cloud storage provider your organization already uses, allowing them to exfiltrate data over HTTPS to a service whose traffic looks normal. Learn how to detect this today.