ESW #284 - Ryan Fried & Joseph Carson


Manage episode 337689453 series 2794639
Зроблено Security Weekly і знайдено завдяки Player FM та нашій спільноті. Авторські права належать видавцю, а не Player FM, і аудіоматеріали транслюються безпосередньо з сервера видавця. Натисніть на кнопку Підписатися, щоб слідкувати за оновленнями в Player FM або скопіюйте і вставте посилання на канал до іншої програми для подкастів.

This week, we start off the show by welcoming Ryan Fried to discuss how Security analysts can move past traditional Indicators of Compromise from threat intel like domains, hashes, URLs, and IP addresses. These indicators typically aren't valid shortly after the incidents happen. Modern threat hunting by doing things like reading recent and relevant security articles, pull out behaviors that attackers are doing like commands such as net group "domain admins" or RDPing from workstation to workstation and translating those to threat hunting queries. Then, Joeseph Carson joins to discuss following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker’s techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response. Finally, in the Enterprise Security News, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS’s CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns!

Visit for all the latest episodes!

Segment Resources:

Follow us on Twitter:

Like us on Facebook:

Visit for all the latest episodes!

Show Notes:

298 епізодів