Du har ikke tillatelse til å se dette opptaket. Logg deg på eller bruk din personlige lenke.
Om Dette Webinaret
In this talk, we're going to share two interesting stories about catching high valuable threat intelligence in the Wild. We'll discuss what it takes to uncover these threats and what challenges we faced along the way.
The first story takes us back to October 2023 when Talos reported that threat actors were exploiting vulnerabilities in Cisco IOS XE Software Web Management User Interface. Patches to fix these issues started coming out after October 22nd. In the meantime, Cisco suggested turning off internet access to the Web Management User Interface. We were not satisfied with this solution, so, before patches were available, we looked for a proof of concept – but there was none. However, we all knew that threat actors were taking advantage of the weakness. So, we set up a honeypot and did some patch diffing. The results surprised us.
The second story is about an incident response situation where we found a new, not well-known technique for stealing credentials. Despite the presence of one of the top-tier Endpoint Detection and Response (EDR) systems in the industry, no alarms were set off.
From the proactive approach of setting up honeypots to uncover vulnerabilities before patches are available, to finding undetected techniques during incident response engagements, these two stories offer valuable insights into the pursuit of high-value threat intelligence.
Hvis du skal ta sikkerhet på alvor bør du ikke gå glipp av dette foredraget!
Presentasjonsholder
Danijel Grah
Danijel Grah has over a decade of experience in the field of cybersecurity. He began his career as a consultant, later moved into research, and today at Conscia he works as a cyber security analyst in the Security Operations Center (SOC).
Danijel has rich experience in penetration testing and security hardening, programming, consulting, and developing systems of cyber defense. He has published and presented research papers at various international conferences in the field of information security, and he has confirmed his knowledge and experience with industry certificates such as GRID and GCRF.