Content provided by Mandiant. All podcast content, including episodes, graphics and podcast descriptions, is uploaded and provided directly by Mandiant or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://he.player.fm/legal.
S1E03: Hunting Targeted Attackers @ Scale, Live-ish from RSA

Duration: 31:33

Archived series ("Inactive feed" status)

When? This feed was archived on February 26, 2024 18:55 (2M ago). Last successful fetch was on January 22, 2023 07:30 (1y ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for an extended period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Episode 290580702, series 2915100

In episode 3, we were joined by Alex Lanstein (@alex_lanstein) - one of the first employees at FireEye, who hunts through product telemetry data to identify new targeted campaigns. During the RSA conference, and with so many others referencing breaches and hunting from the periphery, we thought it would be good to chat about primary-source data from our ongoing APT and FIN attack investigations and how to identify anomalies the way Alex does.

We live-streamed this episode from the RSA Conference 2018 expo floor. In an unforeseen twist of events, the sheer number of cyber threat maps on the conference floor degraded the bandwidth and video quality. We re-recorded the episode the next day from an undisclosed location with a better connection.

“Community Protection: Southeast Asian Campaign”: We discuss our ongoing Community Protection Event (CPE), where we’ve pulled together teams within the company to identify and protect against a suspected Chinese attack group using new methods to compromise Southeast Asian entities. We explore how it was found, with custom passwords to decrypt phishing docs as well as the unique PowerShell-laden shortcut (.LNK) builder that was last seen in an APT29 campaign around the 2016 U.S. election.

“APT19 and RepeaTTPs”: We chat about APT19 resuming their targeting of law firms this month using many of the exact same techniques as in our 2017 blog post on the activity. Alex shares some insight into interesting APT19 phishing lure choices.
• 2017 TTPs: https://www.fireeye.com/blog/threat-r...

“RO-BORAT Kazakhstani Attribution”: #ThreatIntel attribution can be difficult, but not always. We chat about the level of rigor we applied to analyzing some recent activity that we attributed to Kazakhstan. Very nice!
• Related reading - https://www.eff.org/press/releases/ma...

“What’s M-Trending”: We close out the show with some round-robin discussion of evolving attacker methods and what we found most interesting within our M-Trends 2018 report, released in April, which compiled technical intelligence and #DFIR breach data from our 500+ Mandiant investigations in 2017.
https://www.fireeye.com/content/dam/c...

State of the Hack is FireEye’s monthly live broadcast series, hosted by Christopher Glyer (@cglyer) and Nick Carr (@itsreallynick), that discusses the latest in information security, cyber espionage, attack trends, and tales from the front lines of responding to targeted intrusions. You can catch it live each month on FireEye's Twitter account: https://twitter.com/fireeye


39 episodes
