Tripwires! Techniques for Detecting Cyberattacks
Tuesday, October 27th, 2020 from 12pm – 1pm EDT
Mike Daniels, Security Operations Lead, and Randy Pargman, Senior Director of Threat Hunting and Counterintelligence, will walk through the process of designing practical detections for attacker behaviors based on the MITRE ATT&CK framework. In this session, we’ll cover different techniques to use and how to detect attacks that use T1036.003 (masquerading with renamed system tools) and TA0006, with Credential Dumping (T1003) as a means.
Topics in this webinar:
- How threat actors dump credentials
- Detecting credential dumping
- Why Purple Teams/Security Assessments are essential to ensure coverage
- Ways threat actors try to evade detections by renaming system tools before use
- Methods to detect the use of renamed tools with Sysmon and open source tools
About the Presenters
Randy Pargman is the Senior Director of Threat Hunting and Counterintelligence at Binary Defense. In this role, he leads the teams responsible for advanced analysis of malware, development of technology to detect threat actor activity, threat intelligence research of criminal forums, and monitoring of Darknet, Clearnet and Social Media platforms for threat indicators. Randy previously worked for the FBI, where he served for 15 years, most recently as a Senior Computer Scientist on the Cyber Task Force in Seattle.
Mike is the Security Operations Center Team Lead at Binary Defense. In this role, he is responsible for the day-to-day operation of the SOC. Mike has also spent time on the Binary Defense Counterintelligence team. Prior to joining Binary Defense, Mike spent time in the US Army and as a US government contractor.