Hiding in the clouds: How attackers can use applications for sustained persistence & how to find it

Channel:
United States SANS Cyber Defense
Subscribers:
23,600
Published on ● Video Link: https://www.youtube.com/watch?v=Sax2RFM27JE


Category:
Guide
Duration: 25:02
245 views
4

Applications are modernizing. With that, the way permissions for these applications are granted are also changing. These new changes can allow an attacker to have sustained persistence in plain sight if we don’t understand how these work and where to look.  What’s the difference if an application has permissions or an application has delegated permissions? Why did that admin account consent to that application, should I be worried? Is that application overprivileged? I have thousands of apps, how do I account for this? In this session we will look to demystify and bring clarity to these questions. You’ll understand these new application models and how they can be abused for sustained persistence, how these permissions work and what overprivileged looks like and finally, how to find them in your environment.

Speakers:
Yochana Henderson, Program Manager, Microsoft
Mark Morowczynski @markmorow, Principal Program Manager, Microsoft

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at http://www.sans.org/u/195g



Other Videos By SANS Cyber Defense


2020-12-11Ask Us (Almost) Anything About Cyber Defense | SANS Cyber Defense Forum 2020
2020-12-10Resource Smart Detection with YARA and osquery
2020-12-09Automating Threat Hunting on the Dark Web and other nitty-gritty things | SANS Cyber Defense Forum
2020-12-07Ransomware Defense and Response: Minimizing Risk of an Increasing Threat | SANS Cyber Defense Forum
2020-12-06Resolve Security Alerts with Adaptive Intelligence and Guided Response | SANS Cyber Defense Forum
2020-12-05And Then There Were None (More False Positives): Writing Better EDR Detections | Cyber Defense Forum
2020-12-03XDR - The Hidden Pitfalls of Evaluation and Deployment | SANS Cyber Defense Forum 2020
2020-12-01Metrics on Steroids: Improving SOC Maturity using the SOC-CMM | SANS Cyber Defense Forum 2020
2020-12-01Taking Your Detection Program to the Next Level | SANS Cyber Defense Forum 2020
2020-11-29Analysis 101 for Incident Responders | SANS Cyber Defense Forum 2020
2020-11-28Hiding in the clouds: How attackers can use applications for sustained persistence & how to find it
2020-11-27Asking Questions and Writing Effectively | SANS Cyber Defense Forum 2020
2020-11-25New Tools for your Threat Hunting Toolbox | SANS Cyber Defense Forum 2020
2020-11-16Full Packet Capturing with TShark for Continuous Monitoring & Threat Intel via IP, Domains, & URLS
2020-09-14PowerShell 2020: State of the Art / Hack / Infection
2020-07-30Social Engineering Your Way to Success | Justin Henderson & Ismael Valenzuela
2020-07-22Extending Your Home Lab to include Cloud
2020-07-17Danger Stewards – Measuring Risk and Predicting the Future for Fun and Profit
2020-07-17Network Compromise for the Technically Challenged (Dummies)
2020-07-17You Can Write an Infosec Book!
2020-07-17ICMP: A world beyond ping


Tags:
sans institute
cyber defense forum
sans cyber defense forum
cyber defense
cyber defender
yochana henderson
mark morowczynski
cloud
cloud security
application security