A Tale of Two Beacons: Detecting Implants at the Host and Network Levels

Presented by

Giovanni Vigna, Sr. Director Threat Intelligence, VMware; Jared Myers, Sr. Manager, TAU, VMware

About this talk

Cobalt Strike, a tool that supports red teams in attack simulation exercises, provides several techniques to execute attacks that compromise a target network, establish a beachhead in the network, and then move laterally to gain additional access to computers, accounts and, eventually, data. While the intention of Cobalt Strike was to provide a framework to test network defenses, the power provided by the tool was not lost on malicious actors. Given its dual nature and wide adoption by both sides of the security battlefield, it is not surprising that Cobalt Strike-related detections account for a substantial portion of alerts in most networks. This presentation discusses how Cobalt Strike’s abused components (especially the Beacon) can be detected at the host and network levels.
Welcome to the VMware NSX Channel!