Deception and Discovery: How Attackers Hide Backdoor Accounts (and How Defenders Find Them)

Approaching an attack from all angles (conducting it, detecting it, and defending against it) can be a key element in strengthening the capabilities of security teams through Purple Team exercises and collaborative learning. However, practical examples that pair a technique with its corresponding detection can be difficult to find in day-to-day work.

Randy Pargman, VP of Threat Hunting & Counterintelligence at Binary Defense, and Ben Mauch, Team Lead, Defense & Countermeasures at TrustedSec, will present multiple approaches that can benefit both offensive teams (such as Red Teams) and defensive teams (such as administrators and security operations).

During the webinar, Pargman and Mauch will demonstrate an open-source tool designed for Red Teams to add backdoor accounts using methods that make detection difficult. To counter this strategy, they will also demonstrate multiple techniques that Threat Hunters can use to discover these deceptive accounts and investigate further to determine what actions the attacker took.

Join Pargman and Mauch for this joint webinar and live demonstration of practical tools that security teams can begin utilizing immediately. 

About the Presenters

Randy Pargman & Ben Mauch

Randy Pargman is the Senior Director of Threat Hunting and Counterintelligence at Binary Defense. In this role, he leads the teams responsible for advanced analysis of malware, development of technology to detect threat actor activity, threat intelligence research of criminal forums, and monitoring of Darknet, Clearnet and Social Media platforms for threat indicators. Randy previously worked for the FBI, where he served for 15 years, most recently as a Senior Computer Scientist on the Cyber Task Force in Seattle. Randy is now frequently covered by national media outlets for his cybersecurity expertise.