2017 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
WHO NEEDS MALWARE?
UNDERSTANDING FILELESS ATTACKS AND HOW TO STOP THEM
1 What are fileless attacks
2 How does a fileless attack work
3 Real world examples
4 Why traditional approaches don’t work
5 The CrowdStrike approach
POLL QUESTION
HOW WOULD YOU RATE YOUR KNOWLEDGE OF FILELESS ATTACKS, 1 TO 5?
(1 = NONE, 5 = EXPERT)
WHAT IS A FILELESS ATTACK
An attack that does not require a malicious executable file to be written to disk
THE REALITY OF FILELESS ATTACKS
Fileless techniques are not new
More prevalent than ransomware: 24% vs. 21%
78% of organizations are concerned about fileless attacks
Only 51% of breaches include malware (Source: Verizon DBIR 2017)
Not all attacks are 100% fileless
80% of attacks use some fileless techniques (Source: CrowdStrike Incident Response)
FILELESS ATTACK TECHNIQUES
FILELESS TECHNIQUES
FILELESS INTRUSION TECHNIQUES OBSERVED BY THE FALCON PLATFORM
§ Spear phishing for credentials
§ Lateral movement using ‘living off the land’ tools (WMI, Unix commands, PowerShell)
§ Registry persistence
§ Webshells
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
WEBSHELL ATTACKS
1. Attacker identifies organization with vulnerable web application
2. Remote attacker uses SQL injection or other vulnerability to drop payload
3. Vulnerable webserver is compromised and becomes backdoor
FILELESS TECHNIQUES
FILELESS INTRUSION TECHNIQUES OBSERVED BY THE FALCON PLATFORM
§ Spear phishing for credentials
§ Lateral movement using ‘living off the land’ tools (WMI, Unix commands, PowerShell)
§ Registry persistence
§ Webshells
§ PowerShell-based credential dumpers
HOW A FILELESS ATTACK TAKES PLACE

1. INITIAL COMPROMISE
TECHNIQUE: Remote access to a system using a web browser. Can be web scripting language. E.g. China Chopper
GOAL: GAIN ACCESS
TOOLS: WebShell

2. COMMAND AND CONTROL
TECHNIQUE: Run system commands to find out where we are
GOAL: RECON
TOOLS: Sysinfo, Whoami

3. PRIVILEGE ESCALATION
TECHNIQUE: Run a PowerShell script such as Mimikatz to dump credentials
GOAL: DUMP CREDENTIALS
TOOLS: PowerShell

4. PERSISTENCE
TECHNIQUE: Modifies Registry to create a backdoor. E.g. On screen keyboard or sticky keys
GOAL: MAINTAIN PERSISTENCE
TOOLS: Registry

5. EXFILTRATION
TECHNIQUE: Uses system tools to gather data and China Chopper Webshell to exfiltrate data
GOAL: EXFILTRATE DATA
TOOLS: VSSAdmin, Copy, NET use, Webshell
REAL WORLD EXAMPLES
§ Fileless Malware: Kovter
§ Fileless Attack: Nation State
KOVTER
§ Click-fraud
§ Fileless after initial infection
§ Hides encrypted malicious modules in the registry
§ Hides other malicious modules in PowerShell scripts
§ Uses a shortcut file (.lnk) to download PowerShell scripts. The script launches PowerShell to run shellcode
NATION STATE ATTACK
§ Weaponization: Spoofed website
§ Delivery: Spear phishing
§ PowerShell modules connect to a remote server
§ Install/run Mimikatz
§ Lateral movement through stolen credentials
MOVING LATERALLY WITHOUT MALWARE
Attacker sets the bait with a fake website
Extract credentials from initial victim
Move laterally to other hosts
HOW TO PROTECT AGAINST FILELESS ATTACKS
HOW WOULD YOU RATE YOUR CURRENT LEVEL OF PROTECTION AGAINST FILELESS ATTACKS
(1 = POOR – 5 = EXCELLENT)
EDUCATE
83% rate traditional AV-based signature efficacy good or excellent
WHY TRADITIONAL APPROACHES DON’T WORK
No file to analyze
No artifacts left behind
Blind if prevention fails
Uses legitimate applications
No file to detonate
Hands on keyboard
PROTECTS AGAINST ALL TYPES OF ATTACKS
Protect against Known/Unknown Malware/Malware Free
Protect Against Zero-Day Attacks
Endpoint Detection and Response
Managed Threat Hunting
BENEFITS
FALCON ENDPOINT PROTECTION
Machine Learning
IOA Behavioral Blocking
Block Known Bad
Exploit Mitigation
INDICATORS OF ATTACK
WEB SERVER EXECUTES A PROCESS
PROCESS CONDUCTS RECONNAISSANCE
PROCESS ELEVATES PRIVILEGES
PROCESS INJECTS A THREAD INTO SYSTEM PROCESS
INJECTED THREAD READS CREDENTIALS FROM THE SYSTEM PROCESS MEMORY
DUMPED CREDENTIALS ARE USED TO LOGIN INTO EXCHANGE SERVER
MAILBOXES ARE EXPORTED OUT OF EXCHANGE
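The first indicators on this slide (a web server executes a process, and that process then conducts reconnaissance and reaches for PowerShell or system tools) can be checked against process-creation telemetry by looking at what runs below the web server rather than at any single file. The Python below is an added example, not CrowdStrike's detection logic; the event fields, the web server image names, the tool-to-stage mapping and the sample events are all assumptions constructed for illustration.

```python
"""Correlate process-creation events into an indicator-of-attack chain."""
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: image names of web server processes in the monitored estate.
WEB_SERVER_IMAGES = {"w3wp.exe", "httpd.exe", "nginx.exe"}

# Assumption: stage labels for the system tools the slides name.
STAGE_BY_IMAGE = {
    "whoami.exe": "recon",
    "systeminfo.exe": "recon",
    "powershell.exe": "script_host",
    "reg.exe": "registry_change",
    "vssadmin.exe": "data_staging",
    "net.exe": "data_staging",
}
FOLLOW_ON_STAGES = {"script_host", "registry_change", "data_staging"}


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(path).name.lower()


def severity(stages):
    """Recon plus a follow-on stage outranks a lone child process."""
    if "recon" in stages and FOLLOW_ON_STAGES.intersection(stages):
        return "high"
    return "medium" if stages else "low"


def find_web_server_chains(events):
    """Return one finding per web server process that spawned other programs."""
    # Assumption: (host, pid) is unique within the window being analysed.
    by_pid = {(ev["host"], ev["pid"]): ev for ev in events}
    children = defaultdict(list)
    for ev in events:
        children[(ev["host"], ev["ppid"])].append(ev)

    findings = []
    for root in events:
        if image_name(root["image"]) not in WEB_SERVER_IMAGES:
            continue
        parent = by_pid.get((root["host"], root["ppid"]))
        if parent and image_name(parent["image"]) in WEB_SERVER_IMAGES:
            continue  # worker of a web server that is already a root

        # Breadth-first walk over everything below the web server process.
        queue, seen, spawned = [root], {root["pid"]}, []
        while queue:
            current = queue.pop(0)
            for child in children[(root["host"], current["pid"])]:
                if child["pid"] in seen:
                    continue  # guards against loops in malformed telemetry
                seen.add(child["pid"])
                queue.append(child)
                if image_name(child["image"]) not in WEB_SERVER_IMAGES:
                    spawned.append(child)
        if not spawned:
            continue

        spawned.sort(key=lambda ev: ev["ts"])
        stages = []
        for ev in spawned:
            stage = STAGE_BY_IMAGE.get(image_name(ev["image"]))
            if stage and stage not in stages:
                stages.append(stage)
        findings.append({
            "host": root["host"],
            "web_server_pid": root["pid"],
            "spawned": [image_name(ev["image"]) for ev in spawned],
            "stages": stages,
            "severity": severity(stages),
        })
    return findings


def make_event(host, ts, pid, ppid, image):
    return {"host": host, "ts": ts, "pid": pid, "ppid": ppid, "image": image}


S32 = "C:\\Windows\\System32\\"
PS = S32 + "WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_EVENTS = [  # constructed sample data, not real telemetry
    make_event("WEB01", "2017-06-01T10:00:00", 1200, 700, S32 + "inetsrv\\w3wp.exe"),
    make_event("WEB01", "2017-06-01T10:00:01", 2001, 1200, S32 + "cmd.exe"),
    make_event("WEB01", "2017-06-01T10:00:02", 2002, 2001, S32 + "whoami.exe"),
    make_event("WEB01", "2017-06-01T10:00:05", 2003, 2001, S32 + "systeminfo.exe"),
    make_event("WEB01", "2017-06-01T10:01:10", 2010, 2001, PS),
    make_event("WEB01", "2017-06-01T10:03:40", 2020, 2001, S32 + "vssadmin.exe"),
    # Web server compiling a page: reported for review, no stage matches.
    make_event("WEB02", "2017-06-01T11:00:00", 300, 60, S32 + "inetsrv\\w3wp.exe"),
    make_event("WEB02", "2017-06-01T11:00:03", 310, 300,
               "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe"),
    # Same tools in an interactive session: not below a web server, ignored.
    make_event("ADMIN01", "2017-06-01T09:00:00", 500, 480, "C:\\Windows\\explorer.exe"),
    make_event("ADMIN01", "2017-06-01T09:05:00", 900, 500, PS),
    make_event("ADMIN01", "2017-06-01T09:05:04", 901, 900, S32 + "whoami.exe"),
]

if __name__ == "__main__":
    for finding in find_web_server_chains(SAMPLE_EVENTS):
        print(finding)
```

The ADMIN01 events use the same tools as WEB01 but produce no finding, which is the point of an indicator of attack: the parent context, not the tool, drives the verdict.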
KEY TAKEAWAYS
THE THREAT IS REAL
TRADITIONAL AV IS NOT ENOUGH
CURRENT DEFENSES DO NOT WORK
NEED TO THINK BEYOND MALWARE AND FOCUS ON STOPPING THE BREACH
Questions?
Please submit all questions in the Q&A chat right below the presentation slides
Contact Us
Additional Information
Join Weekly Demos: crowdstrike.com/productdemos
Featured Asset: How Adversaries Use Fileless Attacks To Evade Your Security (Link in Resource List)
Website: crowdstrike.com
Email: info@crowdstrike.com
Number: 1.888.512.8902 (US)

 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 

Understanding Fileless (or Non-Malware) Attacks and How to Stop Them

  • 1. 2017 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. WHO NEEDS MALWARE? UNDERSTANDING FILELESS ATTACKS AND HOW TO STOP THEM
  • 2. 1. What are fileless attacks; 2. How does a fileless attack work; 3. Real world examples; 4. Why traditional approaches don’t work; 5. The CrowdStrike approach
  • 3. POLL QUESTION: HOW WOULD YOU RATE YOUR KNOWLEDGE OF FILELESS ATTACKS, 1 TO 5? (1 = NONE, 5 = EXPERT)
  • 4.
  • 5. WHAT IS A FILELESS ATTACK: An attack that does not require a malicious executable file to be written to disk
  • 6.
  • 7. THE REALITY OF FILELESS ATTACKS: Fileless techniques are not new. More prevalent than ransomware (24% vs. 21%). 78% of organizations are concerned about fileless attacks. Only 51% of breaches include malware (source: Verizon BDR 2017). Not all attacks are 100% fileless. 80% of attacks use some fileless techniques (source: CrowdStrike Incident Response).
  • 8. FILELESS ATTACK TECHNIQUES
  • 9. FILELESS TECHNIQUES: FILELESS INTRUSION TECHNIQUES OBSERVED BY THE FALCON PLATFORM § Spear phishing for credentials § Lateral movement using ‘living off the land’ tools (WMI, Unix commands, PowerShell) § Registry persistence § Webshells
  • 10. WEBSHELL ATTACKS: 1. Attacker identifies organization with vulnerable web application. 2. Remote attacker uses SQL injection or other vulnerability to drop payload. 3. Vulnerable webserver is compromised and becomes backdoor.
  • 11. FILELESS TECHNIQUES: FILELESS INTRUSION TECHNIQUES OBSERVED BY THE FALCON PLATFORM § Spear phishing for credentials § Lateral movement using ‘living off the land’ tools (WMI, Unix commands, PowerShell) § Registry persistence § Webshells § PowerShell-based credential dumpers
  • 12. HOW A FILELESS ATTACK TAKES PLACE (each stage lists its technique, goal and tools)
      1. INITIAL COMPROMISE. Technique: remote access to a system using a web browser; can be a web scripting language, e.g. China Chopper. Goal: GAIN ACCESS. Tools: WebShell.
      2. COMMAND AND CONTROL. Technique: run system commands to find out where we are. Goal: RECON. Tools: Sysinfo, Whoami.
      3. PRIVILEGE ESCALATION. Technique: run a PowerShell script such as Mimikatz to dump credentials. Goal: DUMP CREDENTIALS. Tools: PowerShell.
      4. PERSISTENCE. Technique: modifies Registry to create a backdoor, e.g. on-screen keyboard or sticky keys. Goal: MAINTAIN PERSISTENCE. Tools: Registry.
      5. EXFILTRATION. Technique: uses system tools to gather data and China Chopper Webshell to exfiltrate data. Goal: EXFILTRATE DATA. Tools: VSSAdmin, Copy, NET use, Webshell.
  • 13. REAL WORLD EXAMPLES § Fileless Malware: Kovter § Fileless Attack: Nation State
  • 14. KOVTER § Click-fraud § Fileless after initial infection § Hides encrypted malicious modules in the registry § Hides other malicious modules in PowerShell scripts § Uses shortcut file (.lnk) to download PowerShell scripts. The script launches PowerShell to start a shellcode
  • 15. NATION STATE ATTACK § Weaponization: Spoofed website § Delivery: Spear phishing § PowerShell modules connect to a remote server § Install/run MimiKatz § Lateral movement through stolen credentials
  • 16. MOVING LATERALLY WITHOUT MALWARE: Attacker sets the bait with a fake website. Extract credentials from initial victim. Move laterally to other hosts.
  • 17. HOW TO PROTECT AGAINST FILELESS ATTACKS
  • 18. HOW WOULD YOU RATE YOUR CURRENT LEVEL OF PROTECTION AGAINST FILELESS ATTACKS? (1 = POOR, 5 = EXCELLENT)
  • 19.
  • 20. EDUCATE: 83% rate traditional AV based signature efficacy good or excellent
  • 21. WHY TRADITIONAL APPROACHES DON’T WORK: No file to analyze; No artifacts left behind; Blind if prevention fails; Uses legitimate applications; No file to detonate; Hands on keyboard
  • 22. PROTECTS AGAINST ALL TYPES OF ATTACKS. BENEFITS: Protect against Known/Unknown Malware/Malware Free; Protect Against Zero-Day Attacks; Endpoint Detection and Response; Managed Threat Hunting. FALCON ENDPOINT PROTECTION: Machine Learning; IOA Behavioral Blocking; Block Known Bad; Exploit Mitigation.
  • 24. KEY TAKEAWAYS: THE THREAT IS REAL. TRADITIONAL AV IS NOT ENOUGH. CURRENT DEFENSES DO NOT WORK. NEED TO THINK BEYOND MALWARE AND FOCUS ON STOPPING THE BREACH.
  • 25. Questions? Please submit all questions in the Q&A chat right below the presentation slides. Contact Us / Additional Information: Join Weekly Demos: crowdstrike.com/productdemos. Featured Asset: How Adversaries Use Fileless Attacks To Evade Your Security (link in Resource List). Website: crowdstrike.com. Email: info@crowdstrike.com. Number: 1.888.512.8902 (US)
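
Slide 12's chain leaves process and registry telemetry even though no malicious executable is written to disk. The following is an added detection sketch, not code from the deck or from CrowdStrike: it flags hosts where a web server worker process spawns the tools the slide names and where the accessibility-binary registry backdoor appears. The event format, the worker-process list, the regexes and the Image File Execution Options path checked are assumptions of this example.

```python
import re

# Parent images treated as web server workers (assumed list for this example).
WEB_WORKERS = {"w3wp.exe", "httpd.exe", "nginx.exe", "php-cgi.exe"}
# Stage numbers and tool names follow slide 12; the regexes are assumptions.
STAGE_TOOLS = [
    ("2-recon", re.compile(r"\b(whoami|systeminfo|sysinfo)\b", re.I)),
    ("3-powershell", re.compile(r"\bpowershell(\.exe)?\b", re.I)),
    ("5-exfil-tools", re.compile(r"\b(vssadmin|net\s+use)\b", re.I)),
]
# Registry persistence on the accessibility binaries the slide mentions (sticky keys, on-screen keyboard).
IFEO = re.compile(r"Image File Execution Options\\(sethc|osk)\.exe\\Debugger$", re.I)

def classify(event):
    """Return the slide-12 stage an event suggests, or None."""
    if event["type"] == "reg":
        return "4-persistence" if IFEO.search(event["key"]) else None
    # Flag living-off-the-land tools only when a web worker is the parent;
    # the same commands typed by an administrator are routine.
    if event["parent"].lower() not in WEB_WORKERS:
        return None
    for stage, pattern in STAGE_TOOLS:
        if pattern.search(event["cmdline"]):
            return stage
    return None

def hosts_with_chain(events, min_stages=2):
    """Map host -> sorted stages seen, for hosts with at least min_stages distinct stages."""
    seen = {}
    for ev in events:
        stage = classify(ev)
        if stage:
            seen.setdefault(ev["host"], set()).add(stage)
    return {h: sorted(s) for h, s in seen.items() if len(s) >= min_stages}

# Constructed sample telemetry (not real logs), loosely shaped like process-creation and registry-write events.
EVENTS = [
    {"type": "proc", "host": "web01", "parent": "w3wp.exe", "cmdline": "cmd.exe /c whoami"},
    {"type": "proc", "host": "web01", "parent": "w3wp.exe", "cmdline": "powershell.exe -NoProfile -Command <constructed>"},
    {"type": "reg", "host": "web01", "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger"},
    {"type": "proc", "host": "web01", "parent": "w3wp.exe", "cmdline": "cmd.exe /c vssadmin list shadows"},
    {"type": "proc", "host": "adm02", "parent": "explorer.exe", "cmdline": "cmd.exe /c whoami"},
    {"type": "proc", "host": "web03", "parent": "w3wp.exe", "cmdline": "cmd.exe /c systeminfo"},
]

if __name__ == "__main__":
    print(hosts_with_chain(EVENTS))
```

Requiring several distinct stages per host keeps a single `systeminfo` call from a health-check script (web03 above) out of the alert queue while still surfacing the full chain on web01.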