Detecting Unauthorized Behavior From Legitimate Accounts

Incident Responders face an almost insurmountable amount of log events, and the move to the Cloud has only intensified this dependency on log data for intrusion analysis.Attackers are shifting techniques to utilize compromised accounts to hide their activity among the volume of legitimate business...

By

Rodney Caudle

June 22, 2022

All papers are copyrighted. No re-posting of papers is permitted

Related Content

DFIR - Blog - Running EZ Tools Natively on Linux_340 x 340.jpg

Digital Forensics, Incident Response & Threat Hunting

Running EZ Tools Natively on Linux: A Step-by-Step Guide

Developed by Eric Zimmerman, the EZ Tools suite is a collection of utilities written to assist with multiple aspects of forensic analysis.

CD - Blog - Making Linux Security Accessible Blog Series - Part 5 -340 x 340.jpg

Network Security Basics: Connecting Safely – Part 5 of 5 of the Terminal Techniques for You (TTY): Making Linux Security Accessible Blog Series

Secure your Linux system by managing open ports, configuring firewalls, and using SSH best practices to minimize exposure to cyber threats.

Charles Goldner

DFIR - Blog - Are Ransomware Victims Paying Less_340 x 340.jpg

Digital Forensics, Incident Response & Threat Hunting

Are Ransomware Victims Paying Less? Insights from the Latest Stay Ahead of Ransomware Live Stream

In this month's reboot of the SANS Stay Ahead of Ransomware live stream, we dove into one of the most pressing questions in cyber extortion today.

Mari DeGrazia