Remote Access Tools: The Hidden Threats Inside Your Network

Presented by

David Pearson, Principal Threat Researcher, Awake Security

About this talk

Many remote access tools are used legitimately and not considered malware. However, these tools actively bypass network controls, obscuring which parties are communicating, when, and how. This ability to fly under the radar is attractive to malicious insiders and outside attackers alike. This talk will discuss common techniques these tools use and how security teams can find and understand them. In this webinar you will: 1) Gain an understanding of why remote access tools should be on your radar 2) Learn common techniques used by remote access tools to bypass conventional detections 3) Learn how to dissect remote access tools within Wireshark 4) Discover information that is sometimes leaked by these programs 5) Learn how to abstract out detection capabilities for this class of programs

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (10)
Subscribers (1145)
The Awake Security Investigation Platform enables rapid, iterative and conclusive alert investigations and hunting by placing the context security teams need at their fingertips. Gathering this context manually, if even possible, can take hours combing through dozens of data sources. Awake reduces this to minutes, closing the investigation gap with a patent-pending and quick to deploy platform that builds on more than two years of R&D with over 200 security teams. Using proprietary behavioral analytics and machine learning, Awake extracts often ignored signals from full packet capture and other data sources to create a Security Knowledge Graph™. By automatically pre-correlating, profiling and tracking assets including devices, users and domains it surfaces notable behaviors previously difficult or impossible for the security team to consume. In addition, Awake facilitates the capture and sharing of procedural knowledge among the team and enhances existing workflows via powerful integrations and a rich API. Awake’s customers see a 10X improvement in time to truth when investigating threats facing the organization and can thus more effectively manage risk. Moreover, Awake’s industry leading performance allows for effective hunting that has helped uncover insider threats, corporate espionage, lateral movement, data exfiltration and other non-malware-based threats.