ESW #284 - Ryan Fried & Joseph Carson

2:05:29
 
Поширити
 

Manage episode 337689453 series 2794639
Зроблено Security Weekly і знайдено завдяки Player FM та нашій спільноті. Авторські права належать видавцю, а не Player FM, і аудіоматеріали транслюються безпосередньо з сервера видавця. Натисніть на кнопку Підписатися, щоб слідкувати за оновленнями в Player FM або скопіюйте і вставте посилання на канал до іншої програми для подкастів.

This week, we start off the show by welcoming Ryan Fried to discuss how Security analysts can move past traditional Indicators of Compromise from threat intel like domains, hashes, URLs, and IP addresses. These indicators typically aren't valid shortly after the incidents happen. Modern threat hunting by doing things like reading recent and relevant security articles, pull out behaviors that attackers are doing like commands such as net group "domain admins" or RDPing from workstation to workstation and translating those to threat hunting queries. Then, Joeseph Carson joins to discuss following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker’s techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response. Finally, in the Enterprise Security News, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS’s CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Segment Resources: https://www.scythe.io/library/operationalizing-red-canarys-2022-threat-detection-report

https://www.itbrew.com/stories/2022/05/09/quantum-ransomware-can-now-move-from-entry-to-encryption-in-under-four-hours?utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew&mid=1e3360a49c0b72a4c0e4550356ffee54

https://www.cisa.gov/uscert/ncas/alerts/aa22-181a

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw287

298 епізодів