You’ve found Cobalt Strike on your Network. Is it Being Weaponized?

Presented by

Patrick Knight, Sr. Threat Researcher & Architect, ReversingLabs

About this talk

Cobalt Strike, the popular penetration tool, has been abused by threat actors for years with thousands of abuse instances being recorded. Existing abuse can range from ransomware deployment to surveillance to data exfiltration and it’s presence can be the only noticeable precursor to a ransomware infection. During this session, Patrick Knight, Sr. Threat Researcher & Architect at ReversingLabs, will discuss how penetration tools like Cobalt Strike, PsExec and Mimikatz variants are abused by cybercriminals and common tools for APT groups. Patrick will use Cobalt Strike as an example to cover the different stages of a ransomware infection, why response plans need to map to a particular stage of an attack, the common tools involved at each stage of the attack, and the hunting methods required to analyze artifacts in order to prevent becoming a victim.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (19)
Subscribers (1417)
ReversingLabs is the leading provider of explainable threat intelligence solutions that shed the necessary light on complex file-based threats for enterprises stretched for time and expertise. Its hybrid-cloud Titanium Platform enables digital business resiliency, protects against new modern architecture exposures, and automates manual SOC processes with a transparency that arms junior analysts to confidently take action.