My Cloud is APT's Cloud: Investigating and Defending Office 365

Video Link: https://www.youtube.com/watch?v=4s3IFfH8r-c



Duration: 40:43


Doug Bienstock | Principal Consultant, Mandiant
Josh Madeley | Manager, Mandiant
Date: Thursday, August 6 | 1:30pm-2:10pm
Format: 40-Minute Briefings
Track: Data Forensics & Incident Response

As organizations increase their adoption of cloud services, we see attackers following them to the cloud. Microsoft Office 365 is becoming the most common email platform in enterprises across the world and it is also becoming an increasingly interesting target for threat actors. Office 365 encompasses not only Exchange, but also Teams, SharePoint, OneDrive, and more. The sheer volume of data stored in Office 365 means that in many cases an attacker need not compromise the on-premise network to complete their mission.

In this talk, we walk through a number of case studies taken from real APT intrusions that we've been a part of. We will begin with relatively unsophisticated techniques that are used by small-time actors and have been widely discussed. From there, we work our way up to the most sophisticated and stealthy techniques that we have only observed in the wild on a few occasions. These techniques utilize parts of Office 365 that are often poorly understood and not closely monitored.

Along the way, we will provide insight into the various forensic artifacts available to an investigator and their many nuances. We will discuss some important gotchas that can trip up inexperienced analysts. Lastly, we will also discuss important best practices for administrators to defend their tenants against these increasingly sophisticated threats.
Black Hat - USA - 2020 Hacking conference






