Crouching Miner, Hidden Exfil: The Saga Continues

Everyone talks about alert fatigue and the unfortunate reality of overworked and undertrained analysts. What happens though when attackers start to focus on that reality as a point of failure? In this webinar, we will discuss how trivial this can be for an attacker. Using minimal time and open source tools, we will fly under the radar by taking advantage of analyst biases and assumptions. We'll specifically explore how we can edit an open source miner to make it fileless, and then use it for command and control and to exfiltrate data. We will then show how artificial intelligence and advanced network traffic analysis tools detect threats such as these and enable you to respond decisively.

Key Learning Objectives include:

- Discuss the not-so-obvious challenges alert fatigue poses

- Illustrate with an example how attackers hide in plain sight

- See how AI can help the analyst find and then respond to these attackers
Recorded Jan 16 2019 34 mins
Presented by
Troy Kent, Threat Researcher, Awake Security
  • AI For Security: What can we Learn from the Human Brain? Recorded: Mar 6 2019 27 mins
    Rudolph Araujo, VP Marketing, Awake Security & Rob Clyde, CISM, Board Chair, ISACA and Board Director, Titus
    Much has been made about the promise of artificial intelligence to solve ALL of our security problems. One way to cut through the marketing hype is to think about how “natural intelligence” or the human brain works in similar situations.

    Join Rudolph Araujo, VP Marketing at Awake Security as we discuss:
    - How the brain operates and why that is relevant to information security
    - The importance of cognition
    - The role attention filters play
    - The meaning of AI and humans

    Rudolph is a 20-year security veteran who has responded to incidents, advised customers on risk posture and helped them ship secure software. He currently works at Awake Security, the world’s leading advanced network traffic analysis company, where he strives to make prospects and customers successful with Awake.
  • CISO Challenges and Tips for a More Secure Enterprise Recorded: Mar 5 2019 43 mins
    Terence Jackson, Rudolph Araujo, Jeffrey Carpenter, Masha Sedova
    What are the key challenges CISOs are facing in 2019? Security leaders and practitioners are struggling to secure their organizations with a limited budget, a lack of trained cyber talent, an ever-changing threatscape, and a disappearing security perimeter.

    Join security leaders, researchers and experts for an interactive discussion on:
    - CISO priorities for 2019
    - How to get the board on your side
    - What keeps CISOs up at night
    - Coping with analyst fatigue: Challenges and solutions
    - Recommendations for breach prevention, detection and response

    Panelists: Terence Jackson (Thycotic), Rudolph Araujo (Awake Security), Jeffrey Carpenter (Crossmatch, Part of HID Global), Masha Sedova (Elevate Security)
  • (JA)3 Reasons to Rethink Your Encrypted Traffic Analysis Strategies Recorded: Jan 8 2019 62 mins
    Troy Kent, Awake Security & Dave Shackleford, SANS
    The network has a ground-truth property that is hard to replicate with other security data sources. So, for years the network has been a valuable source of insight that enabled effective detection and response. However, the network is becoming increasingly opaque as the definition of the network itself changes with cloud computing and as more of the data on the network is encrypted. This means security teams are losing visibility into this powerful data source, just as attackers use techniques like encryption to evade traditional detection methods. In this talk, we will cover one aspect of this challenge: encryption on the wire. With the specific use case of identifying and profiling applications behind the encryption, we will discuss the current state of the art when it comes to encrypted traffic analysis. The talk will highlight some of the shortcomings in current approaches including fingerprint libraries like JA3. We will also dive deep into some strategies that are effective, yet not noisy for the security team. Finally, we will provide guidance on the capabilities your security stack needs in order to shine light into encrypted traffic on the wire.
  • Remote Access Tools: The Hidden Threats Inside Your Network Recorded: Dec 18 2018 24 mins
    David Pearson, Principal Threat Researcher, Awake Security
    Many remote access tools are used legitimately and not considered malware. However, these tools actively bypass network controls, obscuring which parties are communicating, when, and how. This ability to fly under the radar is attractive to malicious insiders and outside attackers alike. This talk will discuss common techniques these tools use and how security teams can find and understand them.

    In this webinar you will:

    1) Gain an understanding of why remote access tools should be on your radar
    2) Learn common techniques used by remote access tools to bypass conventional detections
    3) Learn how to dissect remote access tools within Wireshark
    4) Discover information that is sometimes leaked by these programs
    5) Learn how to abstract out detection capabilities for this class of programs
  • Threat Prevention for Financial Services Recorded: Mar 14 2018 62 mins
    Elizabeth Duke, Dr. Hongwen Zhang (Wedge Networks), Michael Callahan (Awake Security), Matt Van Buskirk (Hummingbird)
    Bank breaches, hacks, and advanced fraud cases are unfortunately becoming common news headlines. With criminals getting smarter and more of the world's wealth at risk, organisations need to constantly stay one step ahead.

    Join this panel where security experts will discuss:
    - Preventing both outside and insider threats
    - Using analytics and machine learning to prevent attacks before they hit
    - Protecting valuable customer data from malware and data breaches
    - The challenges with mobile banking and payment security
  • The Goldilocks Problem of AI in Security: How to Find the “Just Right” Use Cases Recorded: Jan 17 2018 49 mins
    Gary Golomb, Co-founder and Chief Research Officer, Awake Security
    Like many technologies, artificial intelligence (AI) and machine learning (ML) are "just right" for some types of problems, but are often over-sold for others they are just not well-suited for. This webinar will dive into the characteristics of problems that AI/ML can greatly help enterprise security teams solve, but also contrast those against use cases where AI/ML is a much higher risk for those same resource-strapped teams. In those situations, the technology can actually worsen the skills deficit in the organization, rather than making it better.

    Attending this webinar will give you a framework for evaluating AI/ML technologies, including:

    - When can AI/ML indeed replace people, and when is it better suited to assist people?
    - What types of threats is it best suited for?
    - How does AI/ML fit in with other methodologies like security analytics, for threat detection?
    - How can AI/ML help with security investigations and incident response?
    - How can organizations evaluate vendor claims and ask them the right questions?
Helping security analysts lower time to truth
The Awake Security Investigation Platform enables rapid, iterative and conclusive alert investigations and hunting by placing the context security teams need at their fingertips. Gathering this context manually, if even possible, can take hours combing through dozens of data sources. Awake reduces this to minutes, closing the investigation gap with a patent-pending and quick to deploy platform that builds on more than two years of R&D with over 200 security teams.

Using proprietary behavioral analytics and machine learning, Awake extracts often ignored signals from full packet capture and other data sources to create a Security Knowledge Graph™. By automatically pre-correlating, profiling and tracking assets including devices, users and domains it surfaces notable behaviors previously difficult or impossible for the security team to consume. In addition, Awake facilitates the capture and sharing of procedural knowledge among the team and enhances existing workflows via powerful integrations and a rich API.

Awake’s customers see a 10X improvement in time to truth when investigating threats facing the organization and can thus more effectively manage risk. Moreover, Awake’s industry leading performance allows for effective hunting that has helped uncover insider threats, corporate espionage, lateral movement, data exfiltration and other non-malware-based threats.

  • Title: Crouching Miner, Hidden Exfil: The Saga Continues
  • Live at: Jan 16 2019 7:00 pm
  • Presented by: Troy Kent, Threat Researcher, Awake Security