Hunting OneNote Malware: A Practical Guide for Blue Teams

Video Link: https://www.youtube.com/watch?v=rgSoHVcQQBI
Category: Guide
Duration: 29:15


SANS Blue Team Summit 2023
Hunting OneNote Malware: A Practical Guide for Blue Teams
Speaker: Hiren Sadhwani, Security Analyst, Forescout Technologies

In today's rapidly evolving threat landscape, OneNote malware is an emerging concern for organizations that rely on this popular note-taking application. This presentation will provide a comprehensive overview of OneNote malware, exploring its various forms and the methods employed by adversaries to compromise systems. Attendees will gain valuable insights into the anatomy of OneNote malware attacks, including the tactics, techniques, and procedures (TTPs) commonly used by threat actors. We will also discuss the latest trends in OneNote malware campaigns, revealing their objectives and potential impacts on targeted organizations. Crucially, this presentation will offer practical guidance for Blue Teams on detecting and mitigating OneNote malware threats. We will demonstrate how to leverage various tools, techniques, and best practices to enhance your organization's security posture. This includes understanding the TTPs, implementing effective threat hunting methodologies, and adopting a proactive and layered security approach. We will also walk through hunting queries for finding OneNote malware. By the end of this presentation, attendees will be better equipped to defend their organizations against OneNote malware threats and to implement robust security measures that minimize potential risks. This talk is aimed at Threat Hunters, Security Analysts, Incident Responders, and IT professionals seeking to expand their knowledge of OneNote malware and enhance their organization's defenses.

View upcoming Summits: http://www.sans.org/u/DuS
