Slideshows by User: ChungWeeJing
Sun, 23 Jun 2019 09:49:31 GMT

Threat hunting in_windows
/slideshow/threat-hunting-inwindows-151338031/151338031
Threat actors and criminal groups have traditionally been ahead of the detection curve, circumventing automated defenses and stealthily compromising an entire enterprise. As defenders, it's crucial to adopt an offensive mindset to level the playing field. In this presentation, we will first discuss the various types of techniques threat actors use to stealthily compromise an entire organisation. Next, we will look at detection. Using open source tooling, we will discuss how defenders can hunt for evidence of compromise by adopting an offensive mindset.

Threat hunting in_windows from Chung Wee Jing
You are not_hiding_from_me_.net
/slideshow/you-are-nothidingfrommenet-151337937/151337937
For years, we at Countercept have seen adversaries across the threat pyramid make use of PowerShell toolkits for lateral movement, data exfiltration and persistence across different environments. As defenders, we have done a pretty good job – PowerShell is a fading threat over time. Mimikatz execution through PowerShell? AMSI and PowerShell logging can handle that relatively well. However, adversaries being adversaries don't just give up. They have migrated their toolkits to areas where visibility is still limited – such as .NET. .NET is favoured by adversaries for its wide range of functionality, ease of development, and default presence on modern Windows platforms, and we have seen a significant increase in exploitation toolkits leveraging .NET to perform the usual activities, but in an area where they are relatively hidden.

Sun, 23 Jun 2019 09:47:22 GMT
You are not_hiding_from_me_.net from Chung Wee Jing