Incident Response (public)
Zero-days got you down? There sure have been a lot of high-impact zero-days hitting edge appliances in 2021, from Microsoft Exchange to Pulse Secure and SonicWall. In this episode, we're joined by Josh Fleischer, the Managed Defense investigator who uncovered three zero-days in SonicWall Email Security, to discuss detection and investigation of a z…
 
In today's threat landscape, data theft and extortion go hand in hand with ransomware. In this episode of State of the Hack, we'll talk about how data theft plays a role in modern day ransomware incidents, how attackers carry out data theft, and how we simulate data theft during our Red Team assessments so clients can test their detective capabilit…
 
An oft-undiscussed tactic, web shells are a popular way for threat actors of all flavors to gain initial footholds, move laterally, and maintain persistence in a stealthy manner. Austin and Doug discuss a popular exploit that has been observed in the wild leading to web shells and what infosec practitioners can do to protect against this class of m…
 
This episode discusses the idea of operational security ("OPSEC") from an attacker's perspective. OPSEC relates to how an attacker or red team might try to make their activities stealthier to avoid detection. During this episode, Evan Pena and Julian Pileggi talk about the various ways the Mandiant Red Team carries out their operational security du…
 
Join us for our holiday episode as we search for silver bells and silver linings in our move to The Cloud! The cast sits down with Dirk-Jan Mollema to talk Azure AD and Primary Refresh Tokens, and what savvy defenders can do to secure their own cloud credentials. By helena.davis@fireeye.com
 
Malicious Office documents whose VBA module streams contain source code but no P-code are more likely to evade YARA rules and AV detection. This evasion technique is called VBA purging, and it differs from the previously observed VBA stomping technique. In this episode we will discuss what VBA purging is, the difference between purging and stomping, the cons…
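To make the purging/stomping distinction concrete, here is an added example that is not code from the episode or from Mandiant: a small Python classifier for one VBA module stream. A module stream is the compiled P-code (PerformanceCache) followed, at MODULEOFFSET, by the MS-OVBA compressed source; purging removes the cache and zeroes MODULEOFFSET, stomping keeps the cache and overwrites the source. The script assumes you already have the raw stream bytes and the MODULEOFFSET value from the dir stream (in a real document you would pull both out of the OLE container, for instance with oletools); the sample streams are constructed inline with a literal-only MS-OVBA compressor, and the "looks like VBA" heuristic (first line is an `Attribute VB_Name` record) is the author's own, not a Mandiant rule.

```python
"""Classify a VBA module stream as intact, purged, stomped or unparsable.

Module stream layout (MS-OVBA 2.3.4.3): an opaque PerformanceCache (compiled
P-code) followed, starting at MODULEOFFSET, by MS-OVBA compressed source text.
MODULEOFFSET is stored in the project's dir stream.
Added example: no OLE parsing here; the sample streams below are constructed.
"""
import re
from typing import Dict, Tuple

CHUNK_SIGNATURE = 0b011                                     # fixed 3 bits in every chunk header
VBA_MARKER = re.compile(rb"^Attribute VB_Name\s*=", re.M)   # first line of real module source


def decompress_container(data: bytes) -> bytes:
    """Decode an MS-OVBA CompressedContainer (section 2.4.1) into plain bytes."""
    if not data or data[0] != 0x01:
        raise ValueError("missing CompressedContainer signature byte 0x01")
    out = bytearray()
    pos = 1
    while pos + 2 <= len(data):
        header = int.from_bytes(data[pos:pos + 2], "little")
        chunk_size = (header & 0x0FFF) + 3                  # size includes the 2-byte header
        if (header >> 12) & 0x7 != CHUNK_SIGNATURE:
            raise ValueError("bad CompressedChunkSignature")
        chunk = data[pos + 2:pos + chunk_size]
        pos += chunk_size
        if not header & 0x8000:                              # flag clear: chunk is raw bytes
            out += chunk
            continue
        chunk_start = len(out)
        i = 0
        while i < len(chunk):
            flags = chunk[i]                                 # FlagByte: one bit per following token
            i += 1
            for bit in range(8):
                if i >= len(chunk):
                    break
                if not flags & (1 << bit):                   # LiteralToken: copy one byte
                    out.append(chunk[i])
                    i += 1
                    continue
                token = int.from_bytes(chunk[i:i + 2], "little")   # CopyToken: (offset, length)
                i += 2
                decomp_pos = len(out) - chunk_start
                if decomp_pos == 0:
                    raise ValueError("CopyToken before any decompressed data")
                bit_count = max(4, (decomp_pos - 1).bit_length())  # offset width grows with position
                offset = (token >> (16 - bit_count)) + 1
                length = (token & (0xFFFF >> bit_count)) + 3
                for _ in range(length):
                    out.append(out[-offset])
    return bytes(out)


def compress_literal(source: bytes) -> bytes:
    """Build a valid CompressedContainer from LiteralTokens only (no back-references).
    3640-byte blocks keep each chunk (3640 + 455 flag bytes + 2) under the 4098-byte
    limit so any spec-conforming decoder accepts it. Used only to construct samples."""
    out = bytearray(b"\x01")
    for start in range(0, max(len(source), 1), 3640):
        block = source[start:start + 3640]
        body = bytearray()
        for j in range(0, len(block), 8):
            body.append(0x00)                                # flag byte: next 8 tokens are literals
            body += block[j:j + 8]
        if not body:
            body.append(0x00)                                # empty source still needs one flag byte
        header = 0x8000 | (CHUNK_SIGNATURE << 12) | (len(body) + 2 - 3)
        out += header.to_bytes(2, "little") + body
    return bytes(out)


def classify_module(stream: bytes, module_offset: int) -> Dict[str, object]:
    """Return the recovered source plus a verdict derived from MODULEOFFSET and the source."""
    if module_offset > len(stream):
        raise ValueError("MODULEOFFSET points past the end of the module stream")
    try:
        source = decompress_container(stream[module_offset:])
    except ValueError:
        source = b""
    looks_like_vba = bool(VBA_MARKER.search(source))
    if module_offset == 0:                                   # no PerformanceCache at all
        verdict = "purged" if looks_like_vba else "unparsable"
    elif looks_like_vba:
        verdict = "intact"
    else:
        verdict = "stomped"                                  # P-code present, source missing or junk
    return {"verdict": verdict, "pcode_bytes": module_offset,
            "source": source.decode("latin-1", "replace")}


def build_samples() -> Dict[str, Tuple[bytes, int]]:
    """Constructed module streams and their MODULEOFFSET values (not real captures)."""
    real_src = (b'Attribute VB_Name = "Module1"\r\n'
                b'Sub AutoOpen()\r\n'
                b'    Shell "cmd /c whoami"\r\n'
                b'End Sub\r\n')
    fake_pcode = bytes(range(256)) * 2                       # stand-in for an opaque PerformanceCache
    return {
        "intact":  (fake_pcode + compress_literal(real_src), len(fake_pcode)),
        "purged":  (compress_literal(real_src), 0),
        "stomped": (fake_pcode + compress_literal(b"' nothing to see here\r\n"), len(fake_pcode)),
    }


if __name__ == "__main__":
    for name, (stream, offset) in build_samples().items():
        result = classify_module(stream, offset)
        print(f"{name:8s} MODULEOFFSET={offset:4d} verdict={result['verdict']}")
```

The heuristic is deliberately one-sided: a stomped module whose replacement source also starts with a valid `Attribute VB_Name` line will be reported as intact, so for a real triage you still want to disassemble the P-code (pcodedmp is the usual tool) and compare it with the source. Note also why purging works against signatures: YARA rules that key on strings in the PerformanceCache have nothing to match once it is gone, and the `_VBA_PROJECT` stream must be rewritten for the document to still open, which is itself a hunting artifact.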
 
State of the Hack is back! Featuring new hosts Doug Bienstock (@doughsec), Austin Baker (@bakedsec), Julian Pileggi (@x64_Julian), and Evan Pena (@evan_pena2003) and new content. Doug and Austin kick things off and dive into a recent flood of phishing campaigns associated with KEGTAP aka BazarLoader. They discuss some interesting toolmarks of the K…
 
Recorded June 2020
TOPIC: Fileless Malware, we think NOT
OUR SPONSORS:
OUR GUESTS WILL BE:
• Tyler Hudak - Practice Lead, Incident Response - TrustedSec @secshoggoth www.trustedsec.com
• Martin Brough - Cybersecurity Expert for Acronis @TheHackerNinja Website - infosec512.com
Upcoming Training: SANS DFIR Summit - Running Processes, the Red Team and Bad…
 
Recorded May 2020
TOPIC: Getting back to basics, IR 101
OUR SPONSORS:
NEWS-WORTHY:
• Best EDR Security Services In 2020 for Endpoint Protection https://www.softwaretestinghelp.com/edr-security-services/
• How to Avoid Spam—Using Disposable Contact Information https://www.wired.com/story/avoid-spam-disposable-email-burner-phone-number/
• Shiny new Azure l…
 
Formerly the Brakeing Down Incident Response Podcast
Recorded Oct 2019
TOPIC: Laughing at Binaries - LOLBin/LOLBas
OUR GUEST WILL BE: Oddvar Moe, Sr. Security Consultant TrustedSec - Red Teamer @Oddvarmoe
• Blog - https://oddvar.moe/
• lolbas-project.com
• https://github.com/api0cradle/UltimateAppLockerByPassList
• https://github.com/api0cradle/PowerAL
OUR…
 
On today's show, Nick Carr and Christopher Glyer break down the anatomy of a really cool pre-attack technique - tracking pixels - and how they can inform more restrictive & evasive payloads in the next stage of an intrusion. We're joined by Rick Cole (@a_tweeter_user) to explore one such evasive method seen in-the-wild: Macro Stomping. And we close t…
 
In response to increased U.S.-Iran tensions stemming from the recent killing of Quds Force commander Qasem Soleimani by U.S. forces, and concerns about potential retaliatory cyber attacks, we're bringing the latest from our front-line experts on all things Iran. Christopher Glyer and Nick Carr are joined by Sarah Jones (@sj94356) and Andrew Thompson (@QW5kc…
 
Ho ho homepage! Christopher Glyer and Nick Carr are back for the last episode of 2019. They’re closing the year with a look at this month’s front-line espionage activity and a whole bunch of FIN intrusions! In addition to the threat round-up, they highlight some of our Mandiant consultants doing that work and a few DFIR tricks they included in a re…
 
Christopher Glyer and Nick Carr are back with an extremely offensive episode with red teamers Evan Pena (@evan_pena2003) and Casey Erikson (@EriksocSecurity). They get right into why they use shellcode (any piece of self-contained executable code) and some of the latest shellcode execution & injection techniques that are working in-the-wild. In pre…
 
Christopher Glyer and Nick Carr sit down with the top two Steves from Advanced Practices: Steve Stone (@stonepwn3000) and Steve Miller (@stvemillertime) to talk about the front-line technical stories and research presented at the 2019 #FireEyeSummit. With team members embedded on every investigation, they dissect the key takeaways from the past yea…
 
Christopher Glyer and Nick Carr interview Matt Berninger (@secbern) about his journey from Incident Responder to Data Scientist and how that has shaped his perspective on ML applications and issues in the industry today. This discussion provides a brief overview of Data Science fundamentals and how they apply to common cybersecurity problems. They …
 
Christopher Glyer and Nick Carr interview Dave Kennedy (@HackingDave) on his experience running DerbyCon over the years, what conferences he plans to attend next, and future plans to build and support DerbyCon Communities (DerbyCom). Red teaming in the last few years has started to get harder due to improvements in security visibility, improved sec…
 
Christopher Glyer and Nick Carr interview Nate Warfield (@n0x08) on his experience working at Microsoft's Security Response Center (MSRC). They discuss how Nate's team manages the vulnerability reporting and fix/remediation process across Microsoft's range of products and services, and debate what makes the BlueKeep and DejaBlue vulnerabilities differ…
 
In this episode, Christopher Glyer and Nick Carr interview the Darkoperator (@Carlos_Perez) and Benjamin Delpy (@gentilkiwi) on all things related to Mimikatz and Kekeo. They discuss Carlos' new class on Mimikatz, the background on why he started it, how red teamers can use the features in unique/creative ways, and how blue teamers can detect the a…
 
This is our APT group graduation party for APT41: Double Dragon, conducting both Chinese state-sponsored espionage activity and personal financially-motivated activity. You've read the report* and on this episode, Christopher Glyer and Nick Carr go behind-the-scenes with two technical experts, Jackie O'Leary and Ray Leong, who worked for months to …
 
We are kicking-off a new segment on State of the Hack - an audio-only deep dive discussion with authors from popular technical blogs. On this episode, Christopher Glyer and Nick Carr spoke with FireEye's Blaine Stancill (@MalwareMechanic) and Omar Sardar (@osardar1) on their recent blog post, "Finding Evil in Windows 10 Compressed Memory." You can …
 
We interviewed one of our most tenured analysts, Barry Vengerik (@barryv), on a range of viewer-requested topics including: a FIN7 retrospective, the recent surge of Iranian threat activity, APT34 targeting organizations via LinkedIn messaging, FSB contractor leaks, APT36 USB drop attacks and some tales of recent investigations involving insider threats. T…
 
Christopher and Nick kicked-off the latest episode with recent updates to the MITRE ATT&CK framework, including several techniques that they submitted. During the episode they discuss Outlook add-in persistence, renamed binaries, and the high-level increase in execution guardrails observed - all of which were added in the May update to ATT&CK. They…
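Of the three techniques named above, "renamed binaries" (ATT&CK T1036.003, Masquerading: Rename System Utilities) is the one with a cheap, durable detection, so here is an added example that is not code from the episode or from FireEye. It runs the check over constructed Sysmon Event ID 1 records: Sysmon logs both the on-disk path (Image) and the name stored in the PE version resource (OriginalFileName), and a renamed copy of cmd.exe keeps OriginalFileName = Cmd.Exe. The WATCHED set and the ALLOW baseline are assumptions to be tuned for your own estate.

```python
"""Flag renamed system utilities from Sysmon process-creation (Event ID 1) records.

A mismatch between the image file name and the PE version resource's
OriginalFileName is a high-signal indicator of ATT&CK T1036.003.
Added example; the events below are constructed, not real telemetry.
"""
import ntpath
from typing import Dict, List, Optional

# Built-in tools that earn a high-severity alert when found under another name
# (assumption: a starter set; extend with the LOLBins your estate cares about).
WATCHED = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "rundll32.exe", "regsvr32.exe",
    "mshta.exe", "wscript.exe", "cscript.exe", "certutil.exe", "msbuild.exe",
    "bitsadmin.exe", "psexec.exe", "procdump.exe", "wmic.exe",
}

# (image basename, OriginalFileName) pairs that legitimately differ.
# Assumption: example entry only; build this baseline from your own telemetry.
ALLOW = {
    ("pwsh.exe", "pwsh.dll"),
}


def check_event(event: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return an alert dict when Image and OriginalFileName disagree, else None."""
    image = ntpath.basename(event.get("Image", "")).lower()
    original = event.get("OriginalFileName", "").strip().lower()
    if not image or original in ("", "-", "?"):
        return None                                  # no version resource: nothing to compare
    if image == original or (image, original) in ALLOW:
        return None
    severity = "high" if original in WATCHED else "low"
    return {
        "severity": severity,
        "Image": event["Image"],
        "OriginalFileName": event["OriginalFileName"],
        "CommandLine": event.get("CommandLine", ""),
    }


def scan(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run check_event over a batch and keep only the hits, in input order."""
    return [hit for hit in map(check_event, events) if hit is not None]


# Constructed Sysmon Event ID 1 records (only the fields the check uses).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "Cmd.Exe",
     "CommandLine": "cmd.exe /c dir"},
    {"Image": r"C:\Users\Public\svchost.exe", "OriginalFileName": "PowerShell.EXE",
     "CommandLine": "svchost.exe -nop -w hidden -enc <base64>"},
    {"Image": r"C:\Temp\update.exe", "OriginalFileName": "dropper.exe",
     "CommandLine": "update.exe"},
    {"Image": r"C:\Program Files\PowerShell\7\pwsh.exe", "OriginalFileName": "pwsh.dll",
     "CommandLine": "pwsh.exe -File build.ps1"},
    {"Image": r"C:\Windows\System32\calc.exe", "OriginalFileName": "-",
     "CommandLine": "calc.exe"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"[{hit['severity']}] {hit['Image']} is really {hit['OriginalFileName']}: {hit['CommandLine']}")
```

Case is normalized because Microsoft's own binaries carry mixed-case version strings (Cmd.Exe, PowerShell.EXE), and a binary with no version resource is skipped rather than flagged, since that case says nothing about renaming on its own. The comparison only catches attackers who rename a genuine signed tool; a custom binary stamped with a spoofed OriginalFileName passes, which is why the check belongs next to hash and signer checks rather than in place of them.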
 
On this episode, we got right into a bunch of new in-the-wild activity! We discussed FIN6's shift to deploying enterprise ransomware, including their recent LOCKERGOGA campaigns. The recent DAYJOB/ShadowHammer supply chain compromises prompted some discussion around this trend and several hunting techniques. We covered our newly-released blog on th…
 
In this latest episode, we featured FireEye Principal Threat Analyst and M-Trends contributor Regina Elwell, who took us on a deep dive into our annual M-Trends report. We discussed how key metrics from our incident response investigations changed, including dwell times, source of notification, and which industries were impacted. Additionally, we broke…
 
Newsworthy Items:
• Insurance company refuses to pay NotPetya bill, says it was an act of war; company sues for $100M
• 2-factor auth bypassed???
• 773 million passwords circulating the Internet from past breaches
• Bypass blacklisted words filter (or firewalls) via wildcards
Malware of the month - First Sednit UEFI rootkit unveiled
Site-worth…
 
In their final episode of 2018, Christopher Glyer and Nick Carr brought the holiday cheer by providing a wrap-up of interesting targeted attacker activity from the past 90 days, including CNIIHM links to the TRITON ICS attacks, a suspected APT29 spearphishing campaign, and several recent DOJ indictments. They also highlighted some interesting techniques incl…
 
In this episode, Christopher Glyer and Nick Carr spoke with Steven Booth, Chief Security Officer at FireEye, to discuss what’s to come in 2019, including attackers and nations attempting to emulate other threat groups, increased leveraging of legitimate services for command and control, machine learning and artificial intelligence, a decreased and …
 
In this segment, we sit down with two Staff Reverse Engineers on the FLARE team, Michael Bailey (@mykill) and James “Tom” Bennett (@jtbennettjr), who were at CDS this year to discuss the results of nearly 500 total hours of analysis of the Carbanak source code we acquired. This included 100,000 lines of Carbanak source code and dozens of binaries. …
 
FireEye recently released details on a particularly aggressive threat group that we believe is responsible for conducting financial crime on behalf of the North Korean regime, stealing millions of dollars from banks worldwide. We refer to this group as APT38. In this segment, we welcome two core contributors to the APT38 report: Nalani Fraser, Mana…
 
We had the chance to pick the brains of John Hultquist (@JohnHultquist), Director of Threat Intelligence, and Ben Read (@bread08), Senior Manager of Cyber-espionage Analysis. John and Ben provide a lot of media color and discuss geopolitical ramifications of complex technical reports by translating the news into lay terms. In this segment, we start…
 
Newsworthy Items:
• After Sept 21st credit freezes are FREEEEEE - Article by Krebs
• "Do you use a Tumi bag? Registered it with Tumi's Tracer service?"
• British Airways website hacked, 380K users affected
• How Hackers Slipped by British Airways' Defenses - Wired
• Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob -…
 
Christopher Glyer and Nick Carr spoke with FireEye Intel Analyst, Lee Foster on how FireEye identified a suspected influence operation that appears to originate from Iran aimed at audiences in the U.S., U.K., Latin America, and the Middle East. During their conversation they spoke about how the operation is leveraging a network of inauthentic news …
 
Newsworthy Items:
• The most expensive cyber attack EVER!!! (Wired)
• City of Atlanta 17 million ransom attack
• APT32 proves what we say about logging - monitor scheduled tasks
Malware of the month - None, so send us something interesting...
Site-worthy - websites of the trade to share
Tool-worthy - some tools of the trade to share…
 
“Special Guest Sean Metcalf (@Pyrotek)”: Sean Metcalf is a trailblazer in the InfoSec field who is most well-known for his expertise in Active Directory security. He’s given talks on the topic at several security conferences, including Black Hat USA, DEF CON, DerbyCon and BSides. Fun fact about Sean: he is one of roughly 100 Microsoft Certified Mas…
 
“Special Guest Matt Graeber (@mattifestation)”: Early in Matt Graeber’s professional life he was a rock climbing instructor, but then he joined the Navy and that decision kicked off his journey into the wonderful world of InfoSec. Matt is now a Security Researcher at SpecterOps, a company that provides adversary-focused solutions to help organizati…
 
“Special Guest Katie Nickels (@likethecoins)”: Katie Nickels attended a liberal arts school and intended to get into journalism, but instead she took on a researcher role and the rest is history. Now Katie is the Lead Cyber Security Engineer at MITRE. MITRE is a not-for-profit that operates federally funded research and development centers (FFRDC) …
 
“FIN7”: It’s a matter of “when, not if” for organizations and breaches, and the same goes for criminals and getting caught. The U.S. Attorney’s Office for the Western District of Washington recently unsealed indictments and announced the arrests of three leaders of a criminal organization we have tracked since 2015 as FIN7. Referred to by …
 
In this episode we were joined by Dan Perez (@MrDanPerez) of FireEye’s Adversary Pursuit team. We discussed our experiences from FireEye's Congressional roundtable on artificial intelligence, provided insight into the analysis leading up to our report on TEMP.Periscope targeting Cambodian election operations, and broke down several notable adversa…
 
In May we were joined by Andrew Thompson (@QW5kcmV3) of FireEye’s Adversary Pursuit team. We explore the evolution and current state of cloud services OAuth abuse, how we do technical intelligence & attribution, and some war stories from the past few weeks of responding to intrusions that matter. “Shining a Light on OAuth Abuse”: we explore the his…
 
In episode 3, we were joined by Alex Lanstein (@alex_lanstein) - one of the first employees at FireEye who hunts through product telemetry data to identify new targeted campaigns. During the RSA conference, and with so many others referencing breaches and hunting from the periphery, we thought it would be good to chat about primary source data from…
 
“Activity Round-up”: This week, we talk about new techniques being used by Iran's "MuddyWater" (TEMP.Zagros) and Vietnam's APT32. We discuss our Mandiant response efforts into large Chinese espionage campaigns that have picked up in the past year, highlighting both APT20 targeting of service providers and some fresh TEMP.Periscope activity at many …
 
Copyright 2021 | Sitemap | Privacy Policy | Terms of Service