It’s almost 2020 and it’s time to reset how we think about the traditional “”phases of hacking”” and responding to modern intrusions.
The Classic attack paradigm: traditionally Windows focused, Active Directory/Domain Admin emphasis, port scanning, privilege escalation, stealing hashes, exploiting vulnerabilities.
The here and now: hybrid MacOS environments, cloud emphasis, SSO/SAML, 2FA, 3rd party SaaS, zero exploit code.
As companies adapt their businesses to new technologies, attackers change with them, and so should incident responders. In this talk I will discuss how my security team and I respond to modern intrusions from Red Team engagements and “IRL” threats that no longer follow the “Classic” methodologies of attack. If you’re a defender that’s tired of hearing about Powershell, sysmon, mimkatz, and “Red Teaming 101”, this may be for you. This talk is primarily targeted at incident responders working in complex, modern, environments and aims to provide practical guidance on improving your teams capability to detect bad actors and respond to intrusions in 2019 and beyond.