Think Like a Hybrid Attacker Solutions Forum 2023

Wednesday, 04 Oct 2023 11:00AM EDT (04 Oct 2023 15:00 UTC)
Speaker: Matt Bromiley

Today’s cyberattacks use any means necessary to gain access. As enterprises continue to shift to hybrid and multi-cloud environments, embrace digital identities, digital supply chains, and ecosystems — SOC teams are continuously faced with more. More attack surface for attackers to exploit and infiltrate. More methods for attackers to evade defenses and progress laterally. More noise, complexity and hybrid cloud attacks and incidents.

Join our “Think Like a Hybrid Attacker” forum, where our team of security researchers, data scientists, and security analysts will showcase industry-leading research, emerging attacker tradecraft and the effective AI-driven methodology needed to keep pace with hybrid attackers. You’ll gain practical insights and have the path toward unmatched resilience, SOC modernization, and agile response to advanced attacks.

Forum Highlights:

Discover Industry-Leading Research: Dive into the world of security research, where we'll uncover the methods and tools used by cybersecurity experts to anticipate and dissect potential threats to stay ahead of breaches.
Deconstruct Attack Tradecraft: Step into the shoes of an attacker as we break down real-world attack scenarios. Understand the tactics, techniques, and procedures employed by malicious actors to infiltrate and compromise organizations.
Defend the Hybrid Attack Surface: Explore how real hybrid cloud attacks can be stopped with the right AI-driven approach.

Connect with fellow attendees and our event chairs in the SANS Solutions Forum Interactive Slack Workspace Sign in once and you'll be all set for the rest of our 2023 Solutions Forums. We'll see you there!

Login to Register

Thank You To Our Sponsor!

Agenda | October 4, 2023 | 11AM - 2PM EDT

Save your seat now!

Schedule (EDT)	Description
11:00AM	Welcome and Opening Remarks Matt Bromiley, Certified Instructor, SANS Institute
11:10AM	Identity: The Attackers Lynchpin in the Hybrid Enterprise In 2022 Vectra monitored over 1 million cloud identities across the globe. This visibility, combined with independent research, has unveiled the types of attacks and techniques attackers are currently using. In this session, we will report on the active techniques used to progress attacks against SaaS applications, including M365 and identity providers, so that you will be better prepared to stop future attacks. John Mancini, Group Product Manager, Vectra AI
11:30AM	Lightning Round: Attacker Tradecraft: State-Sponsored Spear-Phishing with the Lazarus Cybercrime Group During this lightning session, we'll dive into Lazarus Group techniques that target employees at pharmaceutical companies — a common theme throughout the pandemic in an attempt to steal proprietary patent information. This attack highlights that trend where an employee at a Global 500 company was targeted through social media to ultimately gain initial access. Payam Farazi, Director, Security Engineering, Vectra AI
11:35AM	Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization Attackers target Microsoft identities for access to applications and SaaS platforms, exploiting native functions over vulnerabilities. Nobelium, linked to SolarWinds, uses native tools like Federated Trusts for ongoing tenant access. This session will reveal an attacker leveraging another native function, enabling persistent access to a Microsoft cloud tenant using lateral movement and other tactics. This vector exploits misconfigured Cross-Tenant Sync, letting attackers breach connected tenants or establish rogue configurations. Arpan Sarkar, Technical Engineer - Threat Hunting, Vectra AI
11:55AM	Lightning Round: Attacker Tradecraft: How Volt Typhoon Deploys "Living Off the Land" Techniques Volt Typhoon emphasizes gathering information such as user credentials to assist with Live Off The Land (LOTL) techniques to maintain access. The actor attempts to leverage any privileges available on compromised devices and extract data to an AD account with attempts to authenticate to other devices on the network. Join our lightning session to learn more. Payam Farazi, Director, Security Engineering, Vectra AI
12:00PM	The Art of Red Teaming: Best Practices and Insights Choosing the right security assessment method can be intimidating as your attack surface grows. Penetration testing assesses vulnerabilities comprehensively, while red teaming provides a targeted, no-holds-barred approach. During this session, our experts will explore the role for both methods and their importance in securing your hybrid environments. Tom D'Aquino, Director, Security Validation, Vectra AI Matt Bromiley, Certified Instructor, SANS Institute
12:25PM	Break
12:40PM	Bridging the Gap in Current Cloud Threat Detection Tools - Meet the DeRF Introducing the DeRF (Detection Replay Framework) — a solution addressing gaps in cloud threat detection integration. Existing tools often lack flexibility and extensibility for evolving use cases and custom attack techniques. DeRF's key design choices include segregating infrastructure deployment and attack execution permissions, catering to expanding capabilities and user roles. It's highly extensible — featuring built-in attack techniques and easy customization via YAML files —without altering core functionality. Embrace DeRF to enhance cloud threat detection and seamlessly adapt to evolving security needs. Kat Trexler, Principal Security Researcher, Vectra AI
1:05PM	Lightning Round: Attacker Tradecraft: Hybrid Cloud Attack Simulation Using a Zero-Day Exploit As a leading R&D company specializing in advanced materials, FictoTech’s high-value intellectual property makes them a prime target for cyberattacks. This attack was initiated through a zero-day exploit that was left unpatched in an on-premises marketing server, where IT does not control software updates. Payam Farazi, Director, Security Engineering, Vectra AI
1:10PM	Fighting Fire with Fire: How LLMs are Used to Attack and Defend Enterprises During this session, we'll discuss the dual role of Language Model Machines (LLMs) in cybersecurity and how LLMs act as both assailants and protectors of enterprises, fundamentally reshaping security practices. Join us as we discuss the offensive and defensive applications of LLMs, shedding light on their transformative impact on cybersecurity. Sohrob Kazerounian, Distinguished AI Researcher, Vectra AI Matt Bromiley, Certified Instructor, SANS Institute
1:35PM	Keynote Session: Stopping Hybrid Attacks with Integrated Attack Signal In the era of hybrid enterprises, SOC teams are constantly faced with more: More attack surface to cover. More alerts to manage. More analyst workload, burnout and turnover. But that doesn't have to be your story. During this session, we’ll show you how to break this daunting spiral of more to achieve SOC modernization and hybrid attack resilience. Kevin Kennedy, Senior Vice President - Product, Vectra AI
2:00PM	Closing Remarks Matt Bromiley, Certified Instructor, SANS Institute

Related Content

CLD_-_Blog_-_Building_a_Cloud_Security_Flywheel_340_x_340.jpg

Building a Cloud Security Flywheel: Lessons from the Field

Shaun McCullough, SANS Certified Instructor, shares his insights on building a cloud security flywheel.

Shaun McCullough

CLD_-_Aviata_Cloud_Solo_Flight_Challenge_-_General_-_Workshop_340_x_340.jpg

Aviata Cloud Solo Flight Challenge

Master cloud security by tackling this free series of workshops.

SANS Cloud Security

Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, Artificial Intelligence (AI)

A Visual Summary of SANS New2Cyber Summit 2024

Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024