Name: From Helpdesk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944
Start: 2025-08-14T15:00:00Z
End: 2025-08-14T15:01:06.000Z
Location: BrightTALK
Rating: 4.9

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats. Mandiant is part of Google Cloud.

Modern threats utilize highly complex and obfuscated delivery chains to conceal their final payloads and evade detection. This tactical webinar, presented by Google Cloud VirusTotal Security Engineer and FLARE's reverse engineering expert, will demystify the process of analyzing these sophisticated multi-stage threats and show how to scale your static analysis pipeline.

We will demonstrate an in-depth analysis of a multi-stage .NET dropper that leads to the final AgentTesla payload. You will learn expert-level techniques to unravel these chains efficiently:

*Time-Travel Debugging (TTD) Mastery: See how to leverage TTD to navigate complex execution flows, trace obfuscation routines, and perform efficient analysis to quickly extract the primary payload.

*Rapid Static Triage: See the combined power of capa and FLOSS for swift malware capability identification and automated configuration extraction. Learn how to deobfuscate critical strings and access key indicators without ever running the final AgentTesla payload.

*Google Threat Intelligence Integration for Context & Validation: Discover how the high-fidelity indicators and extracted configuration data, once gathered, are instantly cross-referenced with Google Threat Intelligence's massive dataset. This pivoting capability allows analysts to gain immediate threat context, identify related samples, confirm findings, and showcase the effectiveness of crowd-sourced detection efforts.

We will move from initial traditional analysis to building a sense of the threat's complexity, utilizing TTD for payload extraction, analyzing the final configuration data, and pivoting to Google Threat Intelligence to see how detection is achieved through these multiple layers of obfuscation.

Don’t miss this opportunity to learn practical, scalable strategies for transforming complex reverse engineering tasks into automated, repeatable wins for your threat intelligence program.

Static Analysis at Scale: Unpacking the Malware Ecosystem

2025 was a big year for Google Threat Intelligence with a number of security-boosting and time-saving updates. We want to make sure none of these new capabilities slipped past you and make sure you are prepared for the new capabilities we are excited to deliver in 2026.

Join our product experts Megan Deblois, Product Manager and Sara Ouled, Technical Product Growth Team lead for this informative as they dive into: 
- Recently released features
- Practical new use cases
- An exclusive preview of our 2026 roadmap

Google Threat Intelligence News & 2026 Roadmap

Google Threat Intelligence News & 2026 Roadmap (APAC Timezone)

Cyber threats are constantly evolving. Learn how to stay ahead of them in 2026 with security expert Andrew Kopcienski.

Join this deep-dive session based on the Cybersecurity Forecast 2026 report, where Andrew will cover key trends and insights to help strengthen your cyber defenses in the year ahead, including:

- The AI Arms Race: How generative AI is being used by both attackers and defenders.
- Nation-State Threats: A deep dive into activity from the "Big Four"—China, Russia, North Korea, and Iran.
- The Cybercrime Economy: The latest tactics in ransomware, extortion, and cyber crime operations
- Regional Intelligence: Exclusive insights and predictions for the JAPAC and EMEA regions.

Google Cloud Cybersecurity Forecast 2026

This webinar will show you how to transform raw intelligence into a dynamic and actionable defense strategy.

We'll start with a real-world scenario sourced from Google Threat Intelligence, demonstrating how to extract key indicators and behaviors. From there, we'll use the power of agents powered by Gemini to build a robust threat model. We'll show you a step-by-step process, starting with a sequence of prompts to guide the creation of a threat hunt and then using intelligent agents to help automate and operationalize the entire workflow.

Join Muhammad Muneer, Principal Incident Response Consultant and Joseliyo Sánchez, Security Engineer as they show you how to move beyond manual analysis and use advanced AI to accelerate your threat hunting capabilities, enabling you to: 
- Proactively defend against modern threats with speed and precision
- Use AI tools to react quicker to threats when needed
- Enhance your current SOC workflows

Stop chasing alerts and start actively hunting threats. This is your chance to operationalize your threat intelligence and build a truly proactive defense with Google Cloud.

From Intel to Action: A Modern Threat Hunting Workflow

Join us for an in-depth exploration of Google Threat Intelligence, a powerful platform that blends advanced AI capabilities, crowdsourced data, large-scale device scanning, and deep human expertise from Mandiant with the community-driven intelligence of VirusTotal. 

In this webcast, SANS Instructor Dave Shackleford and Google’s Global Solutions Architect, Ben Cook, will talk about how this platform streamlines threat detection, enrichment, and analysis for security teams of all sizes. From tracking threat actors and malware campaigns to monitoring the dark web for emerging risks, you’ll see how Google’s converged ecosystem provides both operational and strategic value.

This discussion will include practical setup guidance and insights, including creating and managing Threat Profiles, leveraging Google ASM for attack surface monitoring, and using Digital Threat Monitoring to stay ahead of malicious activity. You’ll learn how analysts can enrich indicators, explore campaigns, visualize relationships in threat graphs, and integrate insights into your workflows with tools like IocStream. Whether you’re looking to enhance day-to-day threat analysis or inform long-term strategy, this review will give you a clear picture of how Google Threat Intelligence can elevate your security operations.

Enhancing Security Operations with Google Threat Intelligence

Effective threat hunting hinges on your ability to find adversaries before they achieve their objectives. This requires moving beyond generic indicators and arming your team with timely, relevant intelligence on the specific TTPs threat actors are using today. In this webinar, we will explore the latest how AI is making threat hunting more effective in less time than ever before.

Join us as we:
*Unveil  our groundbreaking Agentic Platform (now in public preview) — a major leap in applying AI to investigations and complex security tasks.
*Demo the Ransomware Data Leaks dashboard, offering fresh insights into evolving extortion trends.
*Showcase Code Insight, our AI-powered code analysis tool that converts plain text code files into clear, natural-language explanations—enabling analysts to understand complex threats without reading a single line of code.

The session concludes with a live Q&A, giving you the chance to engage with our experts and explore how these innovations can transform your threat hunting practices.

Threat Hunting with Google Threat Intelligence: Accelerating Investigations with AI (APAC Timezone)

What key strengths are essential for incident response and cyber resilience success?

Join our guest speaker Research VP Craig Robinson of IDC and Senior Director Nick Bennett from Mandiant, as they build on data and insights from the IDC MarketScape: Worldwide Incident Response 2025 Vendor Assessment report. This dynamic fireside chat will go beyond the headlines to provide a strategic look at the market.

Why Attend? 

As a cybersecurity leader, you'll gain the insights needed to strengthen your security posture and make informed decisions. By attending, you will:
- Benchmark your program: Discover the methodology and criteria in the IDC MarketScape that helped position Google as a leader and learn how to apply those same principles to your own organization.
- Align strategy with business goals: Get up-to-date information on the latest industry trends, including cyber risk management and recovery strategies, to optimize your incident response and cyber resilience plans.
- Enhance decision-making: Learn how to improve crisis communication and reduce the financial and reputational impact of a breach.

Mandiant’s Guide to Cyber Resilience in 2025 and Beyond

In the rush to adopt AI, your organization faces an urgent challenge: how do you enable innovation without exposing your most sensitive data and systems to new, unseen risks? This session provides a strategic roadmap for organizations to adopt and deploy AI securely from day one, helping you shift from a reactive security posture to a proactive strategy. 

Drawing on Mandiant's extensive experience assisting diverse, global organizations, Muhammad Muneer, Principal Security Engineer, will share actionable frameworks and strategies on: 
- Critical steps for establishing a secure AI environment 
- The role of a comprehensive governance framework
- Implementing secure development and deployment practices
- AI monitoring and threat detection
- Strengthening AI security incident response and recovery capabilities
- Fostering a culture of AI security awareness and training across the organization

Designed for both executive leadership and technical professionals, attendees will gain actionable insights and practical strategies for navigating the complexities of AI adoption. This session will empower your organization to prepare for a new wave of AI-driven threats.

Securing the AI revolution: How to prepare your organization for AI

La eficacia del Threat Hunting depende de la capacidad de los analistas para encontrar a los adversarios antes de que alcancen sus objetivos. Esto requiere ir más allá de los indicadores genéricos y dotar a su equipo de inteligencia relevante en el momento oportuno sobre las TTP específicas que los actores de amenazas utilizan hoy en día. En este webinar, exploraremos cómo la IA está haciendo que el Threat Hunting sea más eficaz en menos tiempo que nunca. Únase a nosotros para descubrir:
*Nuestra Plataforma Agentic (ahora en vista previa pública) —un gran avance en la aplicación de la IA a las investigaciones y a tareas complejas de seguridad.
*El Ransomware Data Leaks dashboard, que ofrece información actualizada sobre las tendencias cambiantes en materia de extorsión.
*Code Insight, nuestra herramienta de análisis de código impulsada por IA que convierte ficheros de código en texto plano en explicaciones claras en lenguaje natural, lo que permite a los analistas comprender amenazas complejas sin leer una sola línea de código.

La sesión concluirá con una serie de preguntas y respuestas en vivo, dándole la oportunidad de interactuar con nuestros expertos y mejorar sus prácticas de threat hunting.

Threat Hunting con Google Threat Intelligence: Acelerando investigaciones con IA (Versión en Español)

Effective threat hunting hinges on your ability to find adversaries before they achieve their objectives. This requires moving beyond generic indicators and arming your team with timely, relevant intelligence on the specific TTPs threat actors are using today. 

In this webinar, we will explore the latest how AI is making threat hunting more effective in less time than ever before. 

Join us as we:
*Unveil our groundbreaking Agentic Platform (now in public preview) — a major leap in applying AI to investigations and complex security tasks.

*Demo the Ransomware Data Leaks dashboard, offering fresh insights into evolving extortion trends.

*Showcase Code Insight, our AI-powered code analysis tool that converts plain text code files into clear, natural-language explanations—enabling analysts to understand complex threats without reading a single line of code.

The session concludes with a live Q&A, giving you the chance to engage with our experts and explore how these innovations can transform your threat hunting practices.

Threat Hunting with Google Threat Intelligence: Accelerating Investigations with AI

Unpacks today's trends in the cyber threat landscape, marked by escalating sophistication and destructive potential. It highlights that state-sponsored groups are increasingly focused on gaining persistent access to critical infrastructure and are rapidly experimenting with Al. This brief aims to equip security practitioners with actionable intelligence to proactively defend against evolving threats.

Navigating the Evolving Threat Landscape

Panelists will delve into how leaders across various industries are building exceptional proactive cyber defense programs. This session will explore strategies for continuous improvement, identify critical technical debt to eliminate, and discuss how to stay ahead of adversaries while fostering secure digital transformation.

Panel Discussion: Perspectives on Proactive Cyber Defense

Join FBI San Francisco and Mandiant as they unveil their collaborative approach to countering sophisticated cyber espionage threats from the People's Republic of China (PRC). This session will focus on advanced persistent threat actors, including UNC4841 and UNC5221, who exploit zero-day vulnerabilities in network appliances, and the emerging threat of PRC-aligned freelance actors like UNC5174.

FBI & Mandiant: Perspective on Countering PRC Cyber Threats

This session delves into notable multi-cloud incidents from 2025, dissecting destructive and intricate cases. Attendees will gain a deeper understanding of emerging threats, proactive defense measures, and best practices for robust multi-cloud detection and incident response.

Notable Cloud Incidents of 2025: Destructive and Complex Multi-Cloud IR Cases

This session shares real-world incidents where threat actors target the technical infrastructure but rely on business risk to accomplish their mission, and how executive teams are unprepared to respond to a cyber event at their organization.

Prepare for the Whole Attack: Building Executive Resilience

This talk will offer a glimpse into the Google Threat Intelligence Group's Advanced Practices team's initial experiences leveraging Al to tackle complexities within frontline cyber incident response. It will demonstrate how Al has significantly contributed to summarization and automation while preserving the crucial human element of threat analysis.

AI on the Frontlines

Legal experts explore the evolving landscape of cybersecurity and privacy laws. Key topics include the EU Digital Operations Resilience Act (DORA), China's Cross-Border Data Transfer Regime, and the challenges of global compliance. Attendees will leave with practical advice for navigating this complex regulatory environment.

The Evolving Global Cybersecurity and Privacy Regulatory Landscape

A sophisticated threat actor, UNC3944 (also tracked as Scattered Spider and 0ktapus), is executing highly effective attacks against corporate networks, culminating in ransomware deployment directly from the VMware hypervisor. Their campaign bypasses traditional security tools by avoiding malware in the initial stages and exploiting a critical visibility gap: the inability of Endpoint Detection and Response (EDR) to monitor the vSphere control plane.

The attack begins with clever social engineering of an IT helpdesk to gain an initial foothold in Active Directory. From there, the actor "lives off the land," using legitimate administrative tools to pivot from AD to the vCenter Server. By gaining control of the virtual infrastructure, they can perform offline data exfiltration, sabotage backups, and encrypt entire datastores from the ESXi hosts, rendering in-guest security agents powerless.

This webinar provides a deep dive into the five distinct phases of UNC3944's proven playbook. We will dissect their tactics, techniques, and procedures (TTPs) and present a fortified, three-pillar defense strategy focused on proactive hardening, architectural integrity, and advanced detection. Join us to learn how to protect your most critical infrastructure from this immediate and growing threat.

From Helpdesk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944

Threat Analysis

Threat Detection

Threat Intelligence

Social Engineering

Endpoint Security

Identity Management

Multi-Factor Authentication

Threat Assessment

Cyber Attacks

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

From Helpdesk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944

Presented by

About this talk

Mandiant | Intelligence and Expertise