Can you Detect This? | Inside The Ransomware Operator's Toolkit
SANS Ransomware Summit 2022
Speakers:
Peter O, Cyber Threat Analyst, The DFIR Report
Yatin Wadhwa, Cyber Threat Analyst, The DFIR Report
Have you ever wondered how those indicators of compromise relate to a ransomware attack? This talk will provide practical guidance on common ransomware tools and techniques observed in The DFIR Report cases. We'll share detection opportunities and some threat hunting techniques for detecting attacker hands-on-keyboard activity. This presentation will not provide academic thoughts or theory. All details are based on 'Real Intrusions by Real Attackers, The Truth Behind the Intrusion.' It will serve as a practical guide for defenders to understand a typical attack, the common tools utilized by ransomware operators throughout the intrusion, why those tools are utilized, and the different techniques leveraged. We'll share some detection quick wins and resources that are available to assist and prepare against ransomware attacks. The topics we will explore are:
• Review of common tools and techniques in 2021
• Ransomware attack objectives
• Mapping an attack to detection opportunities
• Understanding human behaviors
• Spotting the adversary
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE