Mike Daniels, Security Operations Lead, and Randy Pargman, Senior Director of Threat Hunting and Counterintelligence, will walk through the process of designing practical detections for attacker behaviors mapped to the MITRE ATT&CK framework. In this session, we’ll cover two behaviors in depth and the detection techniques that apply to each: T1036.003 (Masquerading: Rename System Utilities), where attackers rename built-in system tools before running them to slip past name-based detections, and T1003 (OS Credential Dumping) under the Credential Access tactic (TA0006).
Topics in this webinar:
- How threat actors dump credentials
- Detecting credential dumping
- Why Purple Teams/Security Assessments are essential to ensure coverage
- Ways threat actors try to evade detections by renaming system tools before use
- Methods to detect the use of renamed tools with Sysmon and open source tools
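As an added example (not part of the webinar material, and not the presenters' own code), the following script shows the two detection ideas from the topic list as logic run over constructed Sysmon-style events: renamed system tools are caught by comparing the on-disk name in Event ID 1 `Image` against the PE version resource name Sysmon records in `OriginalFileName`, and credential dumping from LSASS is caught from Event ID 10 `ProcessAccess` events where a source image outside an allow-list opens `lsass.exe` with `PROCESS_VM_READ`. The sample events, the allow-list entries and the process IDs are all assumptions made up for the example.

```python
"""Added example: two Sysmon-based detections over constructed events.

Sysmon Event ID 1 (ProcessCreate) records the on-disk path in ``Image`` and the
name stored in the PE version resource in ``OriginalFileName``. Renaming
certutil.exe to svchost.exe changes the former but not the latter, so a
mismatch is a cheap renamed-tool signal (T1036.003).

Sysmon Event ID 10 (ProcessAccess) records handles opened to other processes.
A credential dumper needs PROCESS_VM_READ on lsass.exe (T1003), so an
unexpected source image requesting that right is a credential-dumping signal.
"""
import ntpath
from typing import Dict, List, Optional

PROCESS_VM_READ = 0x0010  # access right required to read another process's memory

# Assumption: images that legitimately open LSASS with read access in this
# (hypothetical) environment. Tune per environment; these are illustrative.
LSASS_READ_ALLOWLIST = {
    r"c:\windows\system32\wbem\wmiprvse.exe",
    r"c:\windows\system32\csrss.exe",
}

# Values Sysmon emits when the binary has no usable version resource.
UNKNOWN_ORIGINAL = {"", "-", "?"}


def detect_renamed_tool(event: Dict[str, str]) -> Optional[str]:
    """Alert when a ProcessCreate event's on-disk name differs from its PE name."""
    if str(event.get("EventID")) != "1":
        return None
    original = event.get("OriginalFileName", "").strip().lower()
    if original in UNKNOWN_ORIGINAL:
        return None  # nothing to compare against; do not alert on absence
    on_disk = ntpath.basename(event.get("Image", "")).lower()
    if on_disk == original:
        return None
    return f"renamed tool: {on_disk} is really {original} (pid {event.get('ProcessId')})"


def detect_lsass_access(event: Dict[str, str]) -> Optional[str]:
    """Alert when a non-allow-listed process opens lsass.exe with PROCESS_VM_READ."""
    if str(event.get("EventID")) != "10":
        return None
    target = ntpath.basename(event.get("TargetImage", "")).lower()
    if target != "lsass.exe":
        return None
    granted = int(event.get("GrantedAccess", "0x0"), 16)  # Sysmon logs a hex string
    if not granted & PROCESS_VM_READ:
        return None  # query-only handles are routine (task managers, monitors)
    source = event.get("SourceImage", "").lower()
    if source in LSASS_READ_ALLOWLIST:
        return None
    return f"lsass read: {source} opened lsass.exe with 0x{granted:04x}"


def run_detections(events: List[Dict[str, str]]) -> List[str]:
    """Run every rule over every event and return the alerts in event order."""
    alerts: List[str] = []
    for ev in events:
        for rule in (detect_renamed_tool, detect_lsass_access):
            hit = rule(ev)
            if hit:
                alerts.append(hit)
    return alerts


# Constructed sample events shaped like Sysmon fields; not real telemetry.
SAMPLE_EVENTS = [
    # Legitimate certutil run: on-disk name matches the PE name.
    {"EventID": "1", "ProcessId": "1200", "Image": r"C:\Windows\System32\certutil.exe",
     "OriginalFileName": "CertUtil.exe"},
    # certutil.exe copied to a user-writable path and renamed to look like svchost.
    {"EventID": "1", "ProcessId": "4412", "Image": r"C:\Users\Public\svchost.exe",
     "OriginalFileName": "CertUtil.exe"},
    # Binary with no version resource: Sysmon reports "-"; skipped, not alerted.
    {"EventID": "1", "ProcessId": "5000", "Image": r"C:\Temp\tool.exe",
     "OriginalFileName": "-"},
    # Allow-listed process opening LSASS with read access.
    {"EventID": "10", "SourceImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    # The renamed binary from above opening LSASS with VM_READ | QUERY_LIMITED_INFORMATION.
    {"EventID": "10", "SourceImage": r"C:\Users\Public\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    # Query-only handle to LSASS (no VM_READ): not a dump attempt on its own.
    {"EventID": "10", "SourceImage": r"C:\Users\Public\taskmgr.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
]

if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(alert)
```

Two caveats a practitioner would add before deploying logic like this: `OriginalFileName` comes from the PE's own version resource, so an attacker who edits that resource (or uses a tool that never had one) defeats the name comparison, which is why hash- or signer-based checks belong alongside it; and many legitimate processes open LSASS with `PROCESS_VM_READ`, so the allow-list has to be built from the environment's own baseline rather than guessed, which is exactly the coverage gap a purple-team exercise is meant to surface.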