Red Team – How threat actors gain initial access into corporate environments | SASIG

Tuesday 4 October 2022, 11am-12noon (BST)

Discover how the Cozy Bear advanced persistent threat (APT) actors use spear-phishing and OneDrive to gain access.

In this talk, we discuss the recent techniques used by APT29, also known as Cozy Bear. The government-sponsored group has been using a spear-phishing campaign with embedded malicious links leveraging legitimate OneDrive functionality to gain an initial foothold into organisations.

We will demonstrate the full attack chain, including how APTs can abuse the legitimate Microsoft OneDrive Updater to load a Command and Control (C2) Dynamic Link Library (DLL) into a legitimate target process and establish an encrypted backdoor connection into the victim’s system.

Join us to discover the indicators of compromise, how to mitigate these types of attacks, and whether technical perimeters are enough.

If you are a member of ISACA, ICA or The Security Institute, you can earn CPE/CPD points for attending our webinars live. Remember to log your attendance with your provider to be credited.

Guest chaired by

Lee Cramp, DPO, DRO and Information Security, Department of Health and Social Care

Presented by

Sadi Zane, Principal Security Consultant, BSI

Review the advice on using Zoom and other webex platforms securely here.
