Defend against Active Directory attacks that leave no trace

Recorded on Tuesday October 12, 2021

Detecting a cyberattack in progress is an essential part of any security strategy. But it is becoming increasingly difficult to spot malicious attackers who gain access to information systems through vulnerabilities in the identity system and then move stealthily through the environment (often undetected for weeks or months) before launching malware. To detect identity system attacks, many companies rely on DC event log consolidation and SIEM solutions. But some attack techniques leave no trace of malicious activity.

In this session, Tal Sarid will demonstrate some attack techniques that bypass traditional monitoring solutions.

You will leave with guidelines to protect yourself against cyberattacks that leave no trace:

– Understand how common attack techniques that bypass logging work, including DCShadow, Group Policy changes (as in the case of Ryuk ransomware), and Zerologon attacks
– How to proactively protect your Active Directory from attacks that leave no trace by focusing on domain controller replication traffic to detect changes to Group Policy and changes to specific objects
– How to undo malicious changes to AD
– How to speed up your response to malicious changes once they are detected with targeted forensic analysis

Visit https://www.semperis.com/ to learn more about how to protect your Active Directory and stay ahead of cyberattacks.
