Crouching Miner, Hidden Exfil: The Saga Continues

Presented by

Troy Kent, Threat Researcher, Awake Security

About this talk

Everyone talks about alert fatigue and the unfortunate reality of overworked and undertrained analysts. What happens, though, when attackers start to focus on that reality as a point of failure? In this webinar, we will discuss how trivial this can be for an attacker. Using minimal time and open source tools, we will fly under the radar by taking advantage of analyst biases and assumptions. We'll specifically explore how we can edit an open source miner to make it fileless, and then use it for command and control and to exfiltrate data. We will then show how artificial intelligence and advanced network traffic analysis tools detect threats such as these and enable you to respond decisively.

Key Learning Objectives include:

- Discuss the not-so-obvious challenges alert fatigue poses
- Illustrate with an example how attackers hide in plain sight
- See how AI can help the analyst find and then respond to these attackers

The Awake Security Investigation Platform enables rapid, iterative and conclusive alert investigations and hunting by placing the context security teams need at their fingertips. Gathering this context manually, if even possible, can take hours combing through dozens of data sources. Awake reduces this to minutes, closing the investigation gap with a patent-pending and quick to deploy platform that builds on more than two years of R&D with over 200 security teams. Using proprietary behavioral analytics and machine learning, Awake extracts often ignored signals from full packet capture and other data sources to create a Security Knowledge Graph™. By automatically pre-correlating, profiling and tracking assets including devices, users and domains it surfaces notable behaviors previously difficult or impossible for the security team to consume. In addition, Awake facilitates the capture and sharing of procedural knowledge among the team and enhances existing workflows via powerful integrations and a rich API. Awake’s customers see a 10X improvement in time to truth when investigating threats facing the organization and can thus more effectively manage risk. Moreover, Awake’s industry leading performance allows for effective hunting that has helped uncover insider threats, corporate espionage, lateral movement, data exfiltration and other non-malware-based threats.