A Tale of Two Beacons: Detecting Implants at the Host and Network Levels

Presented by

Giovanni Vigna, Sr. Director Threat Intelligence, VMware; Jared Myers, Sr. Manager, TAU, VMware

About this talk

Cobalt Strike, a tool that supports red teams in attack simulation exercises, provides several techniques to execute attacks that compromise a target network, establish a bridgehead in the network, and then move laterally to gain additional access to computers, accounts and, eventually, data. While the intention of Cobalt Strike was to provide a framework to test network defenses, the power provided by the tool was not lost on malicious actors. Given its dual nature and wide adoption by both sides of the security battlefield, it is not surprising that Cobalt Strike-related detections account for a substantial portion of alerts in most networks. This presentation discusses how Cobalt Strike’s abused components (especially the Beacon) can be detected at the host and network levels.