Detecting & Hunting Ransomware Operator Tools: It Is Easier Than You Think!

Поділитися
Вставка
  • Опубліковано 25 гру 2024
  • Ryan Chapman, SANS Instructor and author of SANS FOR528: Ransomware for Incident Responders, provides an overview of tools leveraged often by ransomware operators. Though a multitude of ransomware operations and affiliate groups exist, we see a great deal of overlap between the tools leveraged by these groups (and that's an understatement!).
    Are you following and utilizing projects such as Living Off Trusted Sites (LOTS) and Bring Your Own Vulnerable Driver (BYOVD)?
    Are you looking for Bloodhound/SharpHound?
    Do you know how PsExec-like tools work at a forensic level (e.g., smbexec)? Are you hunting for rogue installations of Remote Monitoring & Maintenance (RMM) tools?
    Did you know that data exfiltration tools like Winzip, 7Zip, WinSCP, FileZilla, Rclone, and MEGAsync often leave forensic artifacts that are absolute snitches that are just phenomenal for us cyber defenders?
    In this session he will discuss these tools, and show you how they work, and share tips & tricks related to preventing, detecting, and hunting them!
    For presentation slides visit here: www.sans.org/w...
    About FOR528: Ransomware for Incident Responders course
    FOR528: Ransomware for Incident Responders (www.sans.org/FOR528) covers the entire life cycle of an incident, from initial detection to incident response and postmortem analysis. While there is no way to prepare for every scenario possible, our course uses deftly devised, real-world attacks and their subsequent forensic artifacts to provide you, the analyst, with all that you need to respond when the threat become a reality.
    About Ryan Chapman
    Ryan is a Principal Incident Response Consultant with Palo Alto Networks. He has worked in the Digital Forensics & Incident Response (DFIR) realm for over 10 years. He is the author of the new SANS course on ransomware FOR528: Ransomware for Incident Responders and he has also taught the SANS FOR610: Reverse Engineering Malware. During his career, Ryan has worked in Security Operations Center and Cyber Incident Response Team roles that handled incidents from inception through remediation. With Ryan, it's all about the blue team, including sifting through Packet Captures, researching domains and IPs, hunting through log aggregation utilities, analyzing malware, and performing host and network forensics.

КОМЕНТАРІ • 20

  • @JaKeizBrick33
    @JaKeizBrick33 Рік тому +13

    Ryan is such a good presenter

  • @DukeSnider-bz5sg
    @DukeSnider-bz5sg Рік тому +1

    Thanks for sharing your knowledge and presenting it in a digestible way Ryan, please keep these videos coming!

  • @rameshbabu9497
    @rameshbabu9497 Рік тому +1

    Amazing resource! Hope to see more videos related to threat hunting

  • @scarthebadguy
    @scarthebadguy Рік тому +2

    Glad I found this channel, great presentation 👏

    • @rj_chap
      @rj_chap Рік тому +1

      Me too! And ty.

  • @MabelGainey
    @MabelGainey Рік тому +1

    @32 min in, great list, just about everything can be added to an alert list. there are some legit companies we work with that use mega though
    @36 min in, great list, everything but 7z can likely be added to an alert list (for my company)
    @50 min in, omg... same, I love splunk, i just can't afford it
    this was a great talk, and the speaker has almost convinced me to pay for a sans course. (seems really fun and charismatic)

  • @CookieMonster-fc7jz
    @CookieMonster-fc7jz Рік тому +1

    Great stuff, useful hunting items, Thank you!

    • @rj_chap
      @rj_chap Рік тому

      YES!!!! Hunt, hunt, and hunt MOARRRR!

  • @howtocyberwar
    @howtocyberwar Рік тому +1

    Thank you, great video!

  • @pacificp
    @pacificp Рік тому

    Great Presentation! Could you please share the link to download the ppt?

  • @ByteBudsBites
    @ByteBudsBites 5 місяців тому

    👍 thank you

  • @thrillhouse4784
    @thrillhouse4784 11 місяців тому +1

    Are these the classes for the certs that cost like 5k?

  • @0fzex003
    @0fzex003 Рік тому

    How come this is free. Thank you as always. Hope to afford this course in the future 😅

  • @xx-kb5zi
    @xx-kb5zi Рік тому

    🔥