Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Контент предоставлен Clint Marsden. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией Clint Marsden или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
Похожие на TLP - The Digital Forensics Podcast
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
We help founders make something people want.
…
continue reading
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
Welcome to Hands-On Tech, where host Mikah Sargent turns tech troubles into tech triumphs. Each episode zooms in on a specific theme, unpacking listener questions with expert analysis and easy-to-follow advice. From decoding the latest gadgets to simplifying everyday tech, Mikah's got you covered. Submit your tech queries through email at HOT@twit.tv or via TWiT's social media. You might hear your question answered on air! And keep an ear out for guest experts who drop by to share their spec ...
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Player FM - приложение для подкастов
Работайте офлайн с приложением Player FM !
Работайте офлайн с приложением Player FM !
))
Episode 7 - Defending Against Scattered Spider: Understanding Their Tactics, Techniques, and Procedures
Manage episode 425641123 series 3578563
Контент предоставлен Clint Marsden. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией Clint Marsden или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
In todays episode of TLP - Traffic Light Protocol, Clint Marsden talks about Defending Against Scattered Spider: Understanding Their Tactics, Techniques, and Procedures.
Key Takeaways
Understanding Scattered Spider: Scattered Spider, also known as Roasted Octopus or Octo Tempest, utilizes various legitimate tools for malicious purposes.
Common Tools and Techniques: They employ tools for reconnaissance (PingCastle, ADRecon), credential dumping (Mimikatz, Lazagne), Remote access (Screen Connect, Team Viewer), and VPN (Tailscale).
Social Engineering Tactics: Their methods include impersonation, MFA fatigue (MFA bombing), and SIM swapping to gain access.
Persistence Mechanisms: They maintain access through methods like automatic account linking and adding additional MFA tokens
Defense Strategies: Implement strong identity verification, monitor for unusual activity, and educate users social engineering & smishing
Quotes
"By understanding their tactics, techniques, and procedures, or TTPs, you can better defend your network and improve its security posture."
"There's a lot of push on recognizing phishing emails and hovering over links and verifying the sender, but not enough focus on social engineering training for staff"
Action Points
Review Service Desk Processes: Ensure robust identity verification to prevent social engineering.
Monitor for Unusual Activity: Regularly audit and set up automated alerts for suspicious MFA changes or logins.
Educate Users: Conduct training on recognizing phishing and social engineering techniques.
Test Tools in a Lab: Use the mentioned tools to simulate attacks and improve defensive measures by analyzing security logs and infrastructure.
Mentioned Resources
Remote monitoring and management or RMM tools
Fleetdeck.io
Level.io
Ngrok Mitre Ref: [S0508]
Screenconnect
Splashtop
Teamviewer
Pulseway
Tactical RMM
Reconnaissance:
PingCastle - https://www.pingcastle.com/
ADRecon - https://github.com/sense-of-security/ADRecon
Advanced IP Scanner - https://www.advanced-ip-scanner.com/
Govmomi - https://github.com/vmware/govmomi
Cred dumpers:
Mimikatz - https://github.com/ParrotSec/mimikatz
Hekatomb - https://github.com/ProcessusT/HEKATOMB
Lazagne - https://github.com/AlessandroZ/LaZagne
gosecretsdump - https://github.com/C-Sto/gosecretsdump
smbpasswd.py - (as part of Impacket) - https://github.com/fortra/impacket/blob/master/examples/smbpasswd.py
LinPEAS - https://github.com/peass-ng/PEASS-ng/tree/master/linPEAS
ADFSDump - https://github.com/mandiant/ADFSDump
VPN:
Tailscale - Provides virtual private networks (VPNs) to secure network communications
16 эпизодов
Поделиться
Manage episode 425641123 series 3578563
Контент предоставлен Clint Marsden. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией Clint Marsden или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
In todays episode of TLP - Traffic Light Protocol, Clint Marsden talks about Defending Against Scattered Spider: Understanding Their Tactics, Techniques, and Procedures.
Key Takeaways
Understanding Scattered Spider: Scattered Spider, also known as Roasted Octopus or Octo Tempest, utilizes various legitimate tools for malicious purposes.
Common Tools and Techniques: They employ tools for reconnaissance (PingCastle, ADRecon), credential dumping (Mimikatz, Lazagne), Remote access (Screen Connect, Team Viewer), and VPN (Tailscale).
Social Engineering Tactics: Their methods include impersonation, MFA fatigue (MFA bombing), and SIM swapping to gain access.
Persistence Mechanisms: They maintain access through methods like automatic account linking and adding additional MFA tokens
Defense Strategies: Implement strong identity verification, monitor for unusual activity, and educate users social engineering & smishing
Quotes
"By understanding their tactics, techniques, and procedures, or TTPs, you can better defend your network and improve its security posture."
"There's a lot of push on recognizing phishing emails and hovering over links and verifying the sender, but not enough focus on social engineering training for staff"
Action Points
Review Service Desk Processes: Ensure robust identity verification to prevent social engineering.
Monitor for Unusual Activity: Regularly audit and set up automated alerts for suspicious MFA changes or logins.
Educate Users: Conduct training on recognizing phishing and social engineering techniques.
Test Tools in a Lab: Use the mentioned tools to simulate attacks and improve defensive measures by analyzing security logs and infrastructure.
Mentioned Resources
Remote monitoring and management or RMM tools
Fleetdeck.io
Level.io
Ngrok Mitre Ref: [S0508]
Screenconnect
Splashtop
Teamviewer
Pulseway
Tactical RMM
Reconnaissance:
PingCastle - https://www.pingcastle.com/
ADRecon - https://github.com/sense-of-security/ADRecon
Advanced IP Scanner - https://www.advanced-ip-scanner.com/
Govmomi - https://github.com/vmware/govmomi
Cred dumpers:
Mimikatz - https://github.com/ParrotSec/mimikatz
Hekatomb - https://github.com/ProcessusT/HEKATOMB
Lazagne - https://github.com/AlessandroZ/LaZagne
gosecretsdump - https://github.com/C-Sto/gosecretsdump
smbpasswd.py - (as part of Impacket) - https://github.com/fortra/impacket/blob/master/examples/smbpasswd.py
LinPEAS - https://github.com/peass-ng/PEASS-ng/tree/master/linPEAS
ADFSDump - https://github.com/mandiant/ADFSDump
VPN:
Tailscale - Provides virtual private networks (VPNs) to secure network communications
16 эпизодов
Все серии
×
Добро пожаловать в Player FM!
Player FM сканирует Интернет в поисках высококачественных подкастов, чтобы вы могли наслаждаться ими прямо сейчас. Это лучшее приложение для подкастов, которое работает на Android, iPhone и веб-странице. Зарегистрируйтесь, чтобы синхронизировать подписки на разных устройствах.
Похожие на TLP - The Digital Forensics Podcast
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
We help founders make something people want.
…
continue reading
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
Welcome to Hands-On Tech, where host Mikah Sargent turns tech troubles into tech triumphs. Each episode zooms in on a specific theme, unpacking listener questions with expert analysis and easy-to-follow advice. From decoding the latest gadgets to simplifying everyday tech, Mikah's got you covered. Submit your tech queries through email at HOT@twit.tv or via TWiT's social media. You might hear your question answered on air! And keep an ear out for guest experts who drop by to share their spec ...
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Player FM - приложение для подкастов
Работайте офлайн с приложением Player FM !
Работайте офлайн с приложением Player FM !
