2026-04-07 01-22-58_Clip_Clip-02-01_Clip

May 31, 2026 23:32 · 25:05 · English · Whisper Turbo · 2 speakers
0:00
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
different stages of the attack you can see on the screen here.
0:03
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We're going to go through each of these stages here in a second.
0:07
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Now this isn't really directly tied into threat hunting,
0:11
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
but it is very important to know because our goal here is
0:15
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
to detect the attack and find the malware,
0:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the malicious attacker on the network,
0:22
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
as early in this chain as possible.
0:25
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So it's important to kind of be familiar with these different phases
0:29
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
of the attack to be able to detect it as early as possible.
0:34
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So let's start by talking about the reconnaissance phase.
0:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This is the first phase of the attack where the attacker is basically just
0:42
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
getting information.
0:43
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They're doing their research.
0:45
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They're looking up information.
0:47
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They're gathering as much data about their target as they can so
0:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
they can begin to build out their attack.
0:54
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And there's active and passive methods that attackers can
0:58
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
use.
0:58
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Your passive method is going to be something like
1:01
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
searching on the internet just for information about their
1:06
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
victim or their target,
1:08
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
just for general information,
1:09
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
maybe information about what kind of network equipment or servers
1:14
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
they may run.
1:16
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
perhaps trying to gather a lot of email addresses to use in a
1:20
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
phishing campaign or anything like that.
1:23
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Then you also have active methods,
1:25
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
which is when an attacker will actively start scanning the network to try
1:29
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and see,
1:30
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, what ports may be open to the internet or maybe what systems their
1:36
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
target might be using on a kind of a public network.
1:40
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Typically, there's not going to be much you're going to find when we're talking about
1:44
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
threat hunting in the reconnaissance phase,
1:46
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
since for the most part,
1:48
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
it is going to be very passive activities that don't have any connection to the
1:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
target network,
1:53
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
except for things like network scans.
1:55
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But again,
1:56
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
those are going to be very difficult to see in a threat hunt.
2:00
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
That moves us on to the weaponization phase.
2:03
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This is the phase of the attack where the attacker has gotten all their
2:07
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
information and they start creating the payload,
2:10
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the final payload they're going to,
2:11
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
or at least the initial payload,
2:13
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
they're going to deliver to the victim.
2:16
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And this can be something like a remote access tool,
2:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
also known as a RAT,
2:20
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
or some other sort of backdoor that the attacker can use to kind of
2:24
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
maintain persistence on the network.
2:27
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This could be encryption tools for a ransomware attack.
2:30
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This could be other software that downloads additional
2:34
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
malware from the attacker-controlled network.
2:37
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
There's a lot of different options here for the
2:41
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
type of payload that an attacker can create here in the weaponization
2:46
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
phase.
2:46
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Now, there's not going to be anything you're going to find in threat hunting in this phase because
2:50
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
this is the attacker just creating the tools.
2:54
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
There's typically not any interaction with their target or with their victim at
2:58
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
this point, which means there's going to be nothing in logs for anybody to find during
3:02
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the threat hunt.
3:03
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
The delivery phase,
3:05
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
however, this is when you might be able to start finding information in logs,
3:09
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and this is going to be typically one of the earliest phases you'll be able to
3:13
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
start detecting and blocking attacks when it comes to a threat
3:17
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
hunt.
3:18
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This is when that payload the attacker created is then sent
3:22
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
to the victim.
3:23
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We're talking about a phishing attack.
3:25
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This could be something like an email.
3:27
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This could be a malicious website used maybe a watering hole attack where,
3:31
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, a lot of different victims may go to the same website and it may download
3:35
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
malware onto systems.
3:37
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This could be just a drive-by download,
3:40
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
maybe a malicious ad or something like that,
3:43
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
or even perhaps a malicious USB drive.
3:46
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
There's a lot of different ways and a lot of different methods
3:50
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
that attackers can deliver their payloads to their victims.
3:53
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But again, this is going to be typically the first spot where you're going
3:57
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
to be able to detect any sort of threat when you're carrying out
4:02
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
a threat hunt.
4:02
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Now,
4:03
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
after the attacker has gotten the malware or whatever tool
4:08
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
it is they're using onto the victim's network,
4:11
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
this is where the exploitation phase comes in.
4:15
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This is where that malicious payload,
4:17
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
that malware is run on the victim system.
4:20
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And this is going to depend on what the delivery method was
4:24
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and what the malware is.
4:25
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But this could be something like the user opening a malicious email attachment
4:30
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
or clicking on a malicious link in an email.
4:33
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Or visiting the website that has that drive-by download where
4:37
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
they then download and run that malware.
4:40
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And there can be other vulnerabilities the attacker may be
4:44
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
exploiting during this phase as well using other methods.
4:49
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This all just depends on the specific attack.
4:51
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But there's going to definitely be things you'll be able to find in logs
4:56
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
through doing a threat hunt here.
4:58
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But at this point,
4:59
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the attacker...
5:00
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
is typically gaining their foothold in the network here
5:04
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
if their initial malware has been run.
5:06
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This exploitation phase can also be kind of a multi-step process
5:10
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
here where maybe the original payload was a very small
5:15
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
downloader that wasn't necessarily malicious in its own
5:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
right, but maybe it's gotten through an email filter,
5:22
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
for example,
5:24
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
where its sole purpose is just to connect to the attacker
5:28
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
-controlled infrastructure and download the real malware.
5:32
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So the exploitation phase can be multi-step with that
5:36
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
original payload not necessarily being malicious
5:41
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
in the ways that,
5:42
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
say,
5:43
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
email filters or antivirus software might be able to detect.
5:48
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
The installation phase is when the attacker absolutely has the foothold
5:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
on the network.
5:53
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This is where they're installing additional tools through
5:57
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the use of that original payload they were able to get on
6:02
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the victim's system.
6:04
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
These are very frequently tools that are used to carry out their end
6:08
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
goal here,
6:09
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and this could be something like software to encrypt data or encrypt systems
6:13
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
for a ransomware attack.
6:14
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This could be more advanced or more complex malware that is specifically
6:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
tailored for the victim's infrastructure.
6:22
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This could also be command and control software that allows the attacker...
6:28
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Excuse me.
6:29
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
That allows the attacker to have that victim system
6:33
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
connect back to their system so the attacker has greater control
6:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
over it.
6:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This could be tools to steal and exfiltrate data
6:42
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
from their target.
6:44
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Again, it really depends on what their end goal
6:48
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
is here.
6:49
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But there's, again,
6:49
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
definitely things you'll be able to find here
6:54
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
in logs and various systems and IOCs and artifacts,
6:58
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
definitely information you'll be able to find here in a threat hunt.
7:02
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But at this point,
7:03
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the attacker is carrying out their end goals.
7:06
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They've got their foothold in the system.
7:09
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
If you haven't been able to detect the threat by now,
7:12
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
it would be a good time to be able to see it.
7:15
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Basically, again,
7:16
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
this is any tools the attacker needs to carry out their
7:20
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
end goals,
7:21
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
their end objective.
7:24
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Command and control,
7:25
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
this is where the attacker is being able to kind of customize the
7:30
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
attack even further.
7:31
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They're able to connect the victim machine to the
7:36
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
attacker's controlled infrastructure.
7:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
A lot of times this might use the what are known as
7:42
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
well-known ports,
7:43
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
something like 80 or 443.
7:45
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
A lot of times attackers will do this to evade
7:48
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
or get around outbound firewall rules.
7:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
You're typically not going to have outbound firewall rules that
7:56
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
block 80 and 443 because,
7:57
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
well, that's going to block web browsing for the organization.
8:01
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So the attacker can kind of actually piggyback off that
8:06
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
depending on,
8:06
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, how the organization's security infrastructure is set
8:11
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
up.
8:11
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Very commonly,
8:12
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
this command and control,
8:13
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
also known as C2 or C&C traffic,
8:17
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
is going to be encrypted.
8:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So analysts and threat hunters aren't going to be able to
8:23
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
really see what exactly this traffic is doing.
8:27
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They'll just be able to see where it's coming from on their network and
8:31
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
what the destination is for the attacker-controlled infrastructure.
8:35
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But again,
8:36
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
this allows the attacker to run additional commands
8:40
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
on the organization's infrastructure,
8:42
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
lets them download and run additional malware.
8:46
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And if it hasn't been blocked,
8:48
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
allows them to potentially overcome any mitigations
8:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
that the incident responders or the SOC analysts
8:57
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
may have already started putting in place.
8:59
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
If there's mitigations in place,
9:01
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
but the attacker still has the command and control infrastructure
9:05
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and is still able to connect in,
9:07
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
they may be able to kind of get around some of those mitigations.
9:11
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They can customize the attack even further
9:15
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
based on the environment that they are in.
9:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And then our last phase is known as actions on objectives.
9:23
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This is essentially the attacker is accomplishing their
9:27
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
goals.
9:28
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They have reached their goal.
9:29
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They have accomplished what they wanted to accomplish based
9:33
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
on all the previous steps they've gone through.
9:36
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So this could be something like the attacker has successfully encrypted
9:40
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
data and is demanding a ransom in order to release the decryption
9:45
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
keys.
9:46
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They've stolen data and perhaps,
9:48
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
again, demanded ransom to not publicly release
9:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the data.
9:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This is a very common attack you'll see.
9:54
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This attacker may be wanting to just destroy
9:58
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
data or...
10:00
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
disrupt systems on the network,
10:01
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
or perhaps disrupt the use of software and prevent the
10:05
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
organization from carrying out their business practices.
10:08
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Or perhaps the attacker is being a bit more stealthy
10:12
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and has a long-term goal in mind,
10:15
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and their current objective was just to obtain persistent
10:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
access to give them a
10:23
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
long-term access to this network.
10:26
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And they've maybe carried this out a little bit quieter,
10:29
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and there may be less to be able to detect because they have future goals
10:34
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
they want.
10:34
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Maybe it's a high-value target that they've been targeting this whole time.
10:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So there's many different steps,
10:40
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
as we can see,
10:41
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
to various different types of cyber attacks.
10:45
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And there are various different indicators and artifacts
10:49
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
that can be found during a threat hunt for any one of
10:53
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
these different phases.
10:54
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So it's important to be familiar with these phases and kind of what goes on
10:58
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
at each step of the process to be able to identify
11:03
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and potentially stop an attack
11:06
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
as early in this chain as possible.
11:09
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
In this
11:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
video we're going to take a look at the MITRE ATT&CK framework,
11:24
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
a tool that is very commonly used by defenders to kind of help visualize
11:29
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
various different tactics and techniques.
11:32
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So what is the MITRE ATT&CK framework?
11:36
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Well, first of all,
11:37
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the ATT&CK here stands for Adversarial Tactics,
11:42
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Techniques,
11:43
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and Common Knowledge.
11:44
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And it has been,
11:45
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
as the name implies,
11:47
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
it has been created and maintained by MITRE.
11:50
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And it is a,
11:51
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
quote, "knowledge base of adversary tactics and techniques
11:55
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
based on real-world observations."
11:59
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Basically what that means,
12:01
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
it's a collection of various different tactics and techniques kind
12:05
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
of broken down into a very easy to,
12:07
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know,
12:09
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
utilize format.
12:10
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
It's got a lot of examples,
12:12
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
recommendations for mitigations,
12:14
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
all kinds of things like that.
12:15
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And we'll take a look at the actual framework and the...
12:18
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the visualization and tool of it here in just a second.
12:21
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
The technical name for it is the ATT&CK Matrix for
12:26
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Enterprise.
12:26
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So if you are interested in looking at it,
12:28
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
that is the specific one that most people are referencing when they're talking about
12:32
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the MITRE ATT&CK framework.
12:34
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
The way it's broken down is you have columns and rows.
12:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
The columns refer to or show the different tactics
12:42
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
that attackers a lot of times use.
12:44
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And in each of those columns,
12:46
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you have sections for various different techniques that can be used to
12:50
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
carry out those tactics.
12:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
As of the time of recording,
12:54
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
there are over 230 different techniques in there that
12:58
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
can be...
12:59
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
kind of used to gain intelligence and information and
13:03
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
some mitigation recommendations,
13:06
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
detection recommendations,
13:07
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
things like that.
13:09
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Each one of them has an explanation of what the technique is,
13:12
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
some examples of how it has been used,
13:15
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and like I said,
13:16
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
some mitigation and detection information as well.
13:20
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So let's go ahead and take a look at the
13:25
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
MITRE ATT&CK framework here.
13:27
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Switch over to...
13:29
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
that screen.
13:30
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And before I zoom in here,
13:33
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
just kind of give you an example to show kind of a high level overview
13:37
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
of it.
13:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
The techniques are listed here in,
13:40
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
or excuse me, the tactics are listed here in the column.
13:44
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So reconnaissance,
13:45
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
resource development,
13:46
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and so on.
13:47
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
A little hard to read.
13:48
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
I'll zoom in here in a second.
13:50
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And then each one of these individual cells is a different
13:54
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
technique for each one of these tactics.
13:57
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So let's go ahead and zoom in a bit here so it's a little readable.
14:03
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So the techniques,
14:05
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
reverse that,
14:06
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the tactics are broken down and kind of
14:10
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
go in order of how the attack
14:14
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
progresses.
14:15
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Think back to the cyber kill chain.
14:17
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So it starts with reconnaissance,
14:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
resource development,
14:20
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
initial access.
14:21
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We have one for execution,
14:23
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
persistence,
14:24
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
privilege escalation,
14:26
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and it goes all the way through over to the side here,
14:30
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
scrolling.
14:31
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Not zoomed in,
14:32
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you don't really need to scroll,
14:33
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
but zoomed in here we do need to.
14:34
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
All the way through lateral movement,
14:36
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
command and control,
14:37
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
exfil,
14:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
impact,
14:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
all of those.
14:39
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And each one of these has an individual technique that can
14:44
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
be used for each one
14:48
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
of these tactics.
14:49
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So let's go over here towards,
14:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
let's see,
14:53
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
let's take a look under initial access and phishing.
14:56
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
That's a very common technique that's...
15:00
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
used for initial access in any type of attack.
15:03
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And you'll see each one of these has kind of an ID associated with it.
15:07
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So the phishing here is T1566,
15:10
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Replication Through Removable Media,
15:13
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
T1091,
15:15
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and so forth.
15:16
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So each of them have a unique ID.
15:18
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
When you go into,
15:19
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
we'll take a look, go in here into the phishing,
15:21
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
we have a lot of information provided to us.
15:24
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So we have on the side here,
15:26
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the ID, some sub-techniques,
15:28
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
some individual specific ways that phishing can be carried
15:33
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
out, what tactic it falls into,
15:35
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
what platforms this applies to,
15:37
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
pretty much anything.
15:38
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And then some just kind of metadata about who worked
15:42
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
on it and dates and everything and things like that.
15:45
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So we have a,
15:46
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
we can expand our sub techniques in here and we can see we
15:50
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
have attachments, links,
15:51
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
services,
15:52
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and voice as the sub-techniques.
15:55
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So we can get even more specific than just phishing.
15:58
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And we can go in here and see pretty similar information that we can see on the
16:02
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
phishing page.
16:03
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Kind of a brief summary of what it looks like.
16:06
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And then some examples of successful attacks that have
16:10
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
actually
16:12
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
used phishing.
16:13
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Obviously, there's a lot more attacks that have used phishing than just
16:17
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
these six,
16:18
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
but you know, you can only fit so much on a page.
16:20
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But if we go into,
16:22
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
we'll say we'll go into this INC Ransomware here,
16:25
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
we can click on the ID,
16:27
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and it gives us the information about the INC Ransomware by the
16:31
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
group that has carried it out.
16:33
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And again, we can dive down deeper into that as well to get information
16:37
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
on the group.
16:40
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And again, you can see all the techniques the individual group is
16:44
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
using as part of their attacks,
16:48
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and we see phishing is one of the techniques they use.
16:50
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We'll go back here to the phishing page.
16:53
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We can see,
16:54
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
again, lists of example attacks and groups that
16:58
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
have used phishing.
17:01
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Some recommended mitigations for phishing,
17:05
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, antivirus/antimalware,
17:06
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
network intrusion prevention,
17:09
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
content restriction,
17:11
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
user training is a big one as well,
17:13
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and then ways phishing can be detected.
17:16
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And we have,
17:17
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, the detections here are pretty generic detections,
17:20
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, application logs,
17:21
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
file creation,
17:22
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
network traffic,
17:23
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
but it has specific recommendations in here
17:27
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
for how this can work.
17:29
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So we're talking about
17:30
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
filtering based on DKIM and SPF,
17:32
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
which are two kinds of methods of email protection and security.
17:36
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So it gets into a little more detail as far as
17:41
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
how it can be,
17:42
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
how this specific technique can be detected.
17:46
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And we go down and we have many different references that lead to various
17:51
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
different pages.
17:52
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And then depending on the date,
17:53
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
some of these may go to,
17:54
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know,
17:56
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
archive.org or something like that.
17:58
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Just depends.
17:59
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But a lot of them are just,
18:00
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, articles about how a specific technique or,
18:03
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, whatever page we may happen to be on.
18:06
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
It doesn't need to specifically be a technique
18:10
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
that this is referencing.
18:12
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So for example,
18:13
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
let's go back and we'll scroll back up here.
18:16
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We'll go to the INC Ransomware here and we
18:20
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
can see we have groups that use this software.
18:24
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
which, you know,
18:25
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
makes sense because it is named after the actual group.
18:28
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And then again,
18:29
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
more references to articles about,
18:31
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, whatever page it is we happen to be on.
18:34
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So there is,
18:35
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, kind of source material backing up the information in
18:39
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
this tool as well.
18:41
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So the MITRE ATT&CK framework is a very useful tool
18:46
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
for performing research on various different
18:50
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
threat actors,
18:51
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
what techniques they use.
18:53
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So for example,
18:54
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
we can go into the threat group here.
18:56
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We can see all the techniques they used.
18:59
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We can see additional names this group may be called.
19:04
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Keep scrolling down here,
19:05
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
find all the software that this threat actor may be using as part
19:10
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
of their attacks.
19:10
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We have things like,
19:11
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, Tor,
19:12
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
PsExec,
19:13
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and again,
19:15
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
more references to them that point to various different resources
19:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
on the internet.
19:20
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So a lot of information that can be obtained
19:25
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
out of this tool.
19:27
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And let's see,
19:28
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
a little hard to see right here.
19:30
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
I don't have a good way of zooming in on the address bar,
19:33
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
but it is attack.mitre.org.
19:37
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
MITRE being spelled M-I-T-R-E,
19:40
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
as you can see down here on their logo.
19:43
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
attack, just the word attack,
19:45
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
not using the ampersand symbol,
19:47
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
attack.mitre.org is how you can get to this tool
19:51
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
to kind of,
19:52
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, research a little bit on your own,
19:54
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
various different threat actor groups,
19:57
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the techniques
20:00
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
they use and ways to be able to detect these specific
20:04
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
techniques and also mitigate them as well.