Incident Response Masterclass: Investigate a Rogue Insider
About this talk
Join for a play-by-play of a live attack simulation and investigation of a rogue insider threat using DatAlert’s new DFIR capabilities.
During this training session, our security analysts will execute a new attack scenario in our lab.
Here’s the scenario:
An insider was paid to exfiltrate sensitive organizational data
To remain undetected, he takes control of a service account
Using the service account, he scans company filers for documents containing indicative keywords
Copies matching documents to his PC
Creates an encrypted ZIP file
To remain undetected, he uses the service account to upload the ZIP file to an external Gmail account