Friday 9 October, 11am-12noon (BST)
Ransomware gangs like Maze dwell in networks for months, stealing data and leaving backdoors, before they start dropping ransom notes.
Join us as we explain how big-game ransomware gangs operate and showcase common tactics, techniques, and procedures (TTPs), with takeaways that can help you prepare for an attack. Dave will run a step-by-step Maze attack simulation, demonstrating how an IR team should be alerted at each and every phase of such an attack, so as it can respond effectively.
During the session, you will get to see how:
• a user is tricked into opening an infected Word document
• a network recon is performed using reverse DNS lookups
• a service account with admin privileges is kerberoasted
• sensitive files can be found and exfiltrated using HTTP POST commands
• the Maze ransomware payload is deployed to encrypt files
Martin Smith MBE (info), Chairman & Founder, The SASIG
Dave Philpots (info), Systems Engineer, Varonis