2026-04-07 01-22-58_Clip_Clip-02-01_Clip

May 31, 2026 23:32 · 25:05 · English · Whisper Turbo · 2 speakers
0:00
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
different stages of the attack you can see on the screen here.
0:03
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We're going to go through each of these stages here in a second.
0:07
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Now this isn't really directly tied into threat hunting,
0:11
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
but it is very important to know because our goal here is
0:15
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
to detect the attack and find the malware,
0:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the malicious attacker on the network,
0:22
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
as early in this chain as possible.
0:25
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So it's important to kind of be familiar with these different phases
0:29
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
of the attack to be able to detect it as early as possible.
0:34
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So let's start by talking about the reconnaissance phase.
0:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This is the first phase of the attack where the attacker is basically just
0:42
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
getting information.
0:43
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They're doing their research.
0:45
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They're looking up information.
0:47
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They're gathering as much data about their target as they can so
0:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
they can begin to build out their attack.
0:54
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And there's active and passive methods that attackers can
0:58
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
use.
0:58
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Your passive method is going to be something like
1:01
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
searching on the internet just for information about their
1:06
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
victim or their target,
1:08
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
just for general information,
1:09
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
maybe information about what kind of network equipment or servers
1:14
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
they may run.
1:16
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
perhaps trying to gather a lot of email addresses to use in a
1:20
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
phishing campaign or anything like that.
1:23
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Then you also have active methods,
1:25
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
which is when an attacker will actively start scanning the network to try
1:29
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and see,
1:30
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, what ports may be open to the internet or maybe what systems their
1:36
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
target might be using on a kind of a public network.
1:40
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Typically, there's not going to be much you're going to find when we're talking about
1:44
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
threat hunting in the reconnaissance phase,
1:46
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
since for the most part,
1:48
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
it is going to be very passive activities that don't have any connection to the
1:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
target network,
1:53
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
except for things like network scans.
1:55
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But again,
1:56
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
those are going to be very difficult to see in a threat hunt.
2:00
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
That moves us on to the weaponization phase.
2:03
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This is the phase of the attack where the attacker has gotten all their
2:07
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
information and they start creating the payload,
2:10
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the final payload they're going to,
2:11
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
or at least the initial payload,
2:13
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
they're going to deliver to the victim.
2:16
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And this can be something like a remote access tool,
2:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
also known as a RAT,
2:20
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
or some other sort of backdoor that the attacker can use to kind of
2:24
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
maintain persistence on the network.
2:27
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This could be encryption tools for a ransomware attack.
2:30
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This could be other software that downloads additional
2:34
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
malware from the attacker-controlled network.
2:37
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
There's a lot of different options here for the
2:41
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
type of payload that an attacker can create here in the weaponization
2:46
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
phase.
2:46
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Now, there's not going to be anything you're going to find in threat hunting in this phase because
2:50
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
this is the attacker just creating the tools.
2:54
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
There's typically not any interaction with their target or with their victim at
2:58
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
this point, which means there's going to be nothing in logs for anybody to find during
3:02
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the threat hunt.
3:03
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
The delivery phase,
3:05
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
however, this is when you might be able to start finding information in logs,
3:09
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and this is going to be typically one of the earliest phases you'll be able to
3:13
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
start detecting and blocking attacks when it comes to a threat
3:17
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
hunt.
3:18
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This is when that payload the attacker created is then sent
3:22
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
to the victim.
3:23
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We're talking about a phishing attack.
3:25
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This could be something like an email.
3:27
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This could be a malicious website used maybe a watering hole attack where,
3:31
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, a lot of different victims may go to the same website and it may download
3:35
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
malware onto systems.
3:37
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This could be just a drive-by download,
3:40
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
maybe a malicious ad or something like that,
3:43
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
or even perhaps a malicious USB drive.
3:46
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
There's a lot of different ways and a lot of different methods
3:50
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
that attackers can deliver their payloads to their victims.
3:53
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But again, this is going to be typically the first spot where you're going
3:57
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
to be able to detect any sort of threat when you're carrying out
4:02
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
a threat hunt.
4:02
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Now,
4:03
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
after the attacker has gotten the malware or whatever tool
4:08
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
it is they're using onto the victim's network,
4:11
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
this is where the exploitation phase comes in.
4:15
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This is where that malicious payload,
4:17
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
that malware is run on the victim system.
4:20
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And this is going to depend on what the delivery method was
4:24
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and what the malware is.
4:25
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But this could be something like the user opening a malicious email attachment
4:30
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
or clicking on a malicious link in an email.
4:33
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Or visiting the website that has that drive-by download where
4:37
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
they then download and run that malware.
4:40
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And there can be other vulnerabilities the attacker may be
4:44
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
exploiting during this phase as well using other methods.
4:49
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This all just depends on the specific attack.
4:51
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But there's going to definitely be things you'll be able to find in logs
4:56
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
through doing a threat hunt here.
4:58
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But at this point,
4:59
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the attacker...
5:00
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
is typically gaining their foothold in the network here
5:04
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
if their initial malware has been run.
5:06
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This exploitation phase can also be kind of a multi-step process
5:10
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
here where maybe the original payload was a very small
5:15
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
downloader that wasn't necessarily malicious in its own
5:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
right, but maybe it's gotten through an email filter,
5:22
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
for example,
5:24
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
where its sole purpose is just to connect to the
5:28
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
attacker-controlled infrastructure and download the real malware.
5:32
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So the exploitation phase can be multi-step with that
5:36
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
original payload not necessarily being malicious
5:41
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
in the ways that,
5:42
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
say,
5:43
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
email filters or antivirus software might be able to detect.
5:48
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
The installation phase is when the attacker absolutely has the foothold
5:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
on the network.
5:53
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This is where they're installing additional tools through
5:57
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the use of that original payload they were able to get on
6:02
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the victim's system.
6:04
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
These are very frequently tools that are used to carry out their end
6:08
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
goal here,
6:09
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and this could be something like software to encrypt data or encrypt systems
6:13
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
for a ransomware attack.
6:14
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This could be more advanced or more complex malware that is specifically
6:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
tailored for the victim's infrastructure.
6:22
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This could also be command and control software that allows the attacker...
6:28
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Excuse me.
6:29
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
That allows the attacker to have that victim system
6:33
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
connect back to their system so the attacker has greater control
6:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
over it.
6:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This could be tools to steal and exfiltrate data
6:42
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
from their target.
6:44
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Again, it really depends on what their end goal
6:48
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
is here.
6:49
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But there's, again,
6:49
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
definitely things you'll be able to find here
6:54
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
in logs and various systems and IOCs and artifacts,
6:58
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
definitely information you'll be able to find here in a threat hunt.
7:02
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But at this point,
7:03
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the attacker is carrying out their end goals.
7:06
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They've got their foothold in the system.
7:09
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
If you haven't been able to detect the threat by now,
7:12
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
it would be a good time to be able to see it.
7:15
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Basically, again,
7:16
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
this is any tools the attacker needs to carry out their
7:20
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
end goals,
7:21
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
their end objective.
7:24
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Command and control,
7:25
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
this is where the attacker is being able to kind of customize the
7:30
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
attack even further.
7:31
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They're able to connect the victim machine to the
7:36
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
attacker's controlled infrastructure.
7:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
A lot of times this might use what are known as
7:42
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
well-known ports,
7:43
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
something like 80 or 443.
7:45
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
A lot of times attackers will do this to evade
7:48
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
or get around outbound firewall rules.
7:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
You're typically not going to have outbound firewall rules that
7:56
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
block 80 and 443 because,
7:57
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
well, that's going to block web browsing for the organization.
8:01
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So the attacker can kind of actually piggyback off that
8:06
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
depending on,
8:06
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, how the organization's security infrastructure is set
8:11
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
up.
8:11
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Very commonly,
8:12
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
this command and control,
8:13
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
also known as C2 or C&C traffic,
8:17
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
is going to be encrypted.
8:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So analysts and threat hunters aren't going to be able to
8:23
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
really see what exactly this traffic is doing.
8:27
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They'll just be able to see where it's coming from on their network and
8:31
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
what the destination is for the attacker-controlled infrastructure.
8:35
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But again,
8:36
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
this allows the attacker to run additional commands
8:40
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
on the organization's infrastructure,
8:42
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
lets them download and run additional malware.
8:46
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And if it hasn't been blocked,
8:48
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
allows them to potentially overcome any mitigations
8:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
that the incident responders or the SOC analysts
8:57
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
may have already started putting in place.
8:59
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
If there's mitigations in place,
9:01
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
but the attacker still has the command and control infrastructure
9:05
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and is still able to connect in,
9:07
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
they may be able to kind of get around some of those mitigations.
9:11
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They can customize the attack even further
9:15
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
based on the environment that they are in.
9:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And then our last phase is known as actions on objectives.
9:23
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This is essentially the attacker is accomplishing their
9:27
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
goals.
9:28
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They have reached their goal.
9:29
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They have accomplished what they wanted to accomplish based
9:33
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
on all the previous steps they've gone through.
9:36
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So this could be something like the attacker has successfully encrypted
9:40
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
data and is demanding a ransom in order to release the decryption
9:45
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
keys.
9:46
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
They've stolen data and perhaps,
9:48
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
again, demanded ransom to not publicly release
9:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the data.
9:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This is a very common attack you'll see.
9:54
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
This attacker may be wanting to just destroy
9:58
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
data or...
10:00
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
disrupt systems on the network,
10:01
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
or perhaps disrupt the use of software and prevent the
10:05
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
organization from carrying out their business practices.
10:08
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Or perhaps the attacker is being a bit more stealthy
10:12
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and has a long-term goal in mind,
10:15
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and their current objective was just to obtain persistent
10:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
access to give them a
10:23
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
long-term access to this network.
10:26
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And they've maybe carried this out a little bit quieter,
10:29
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and there may be less to be able to detect because they have future goals
10:34
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
they want.
10:34
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Maybe it's a high-value target that they've been targeting this whole time.
10:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So there's many different steps,
10:40
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
as we can see,
10:41
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
to various different types of cyber attacks.
10:45
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And there are various different indicators and artifacts
10:49
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
that can be found during a threat hunt for any one of
10:53
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
these different phases.
10:54
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So it's important to be familiar with these phases and kind of what goes on
10:58
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
at each step of the process to be able to identify
11:03
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and potentially stop an attack
11:06
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
as early in this chain as possible.
11:09
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
In this
11:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
video we're going to take a look at the MITRE ATT&CK framework,
11:24
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
a tool that is very commonly used by defenders to kind of help visualize
11:29
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
various different tactics and techniques.
11:32
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So what is the MITRE ATT&CK framework?
11:36
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Well, first of all,
11:37
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the ATT&CK here stands for Adversarial Tactics,
11:42
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Techniques,
11:43
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and Common Knowledge.
11:44
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And it has been,
11:45
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
as the name implies,
11:47
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
it has been created and maintained by MITRE.
11:50
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And it is a,
11:51
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
quote, knowledge base of adversary tactics and techniques
11:55
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
based on real world observations.
11:59
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Basically what that means,
12:01
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
it's a collection of various different tactics and techniques kind
12:05
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
of broken down into a very easy to,
12:07
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know,
12:09
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
utilize format.
12:10
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
It's got a lot of examples,
12:12
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
recommendations for mitigations,
12:14
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
all kinds of things like that.
12:15
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And we'll take a look at the actual framework and the...
12:18
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the visualization and tool of it here in just a second.
12:21
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
The technical name for it is the ATT&CK matrix for
12:26
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
enterprise.
12:26
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So if you are interested in looking at it,
12:28
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
that is the specific one that most people are referencing when they're talking about
12:32
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the MITRE ATT&CK framework.
12:34
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
The way it's broken down is you have columns and rows.
12:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
The columns refer to or show the different tactics
12:42
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
that attackers a lot of times use.
12:44
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And in each of those columns,
12:46
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you have sections for various different techniques that can be used to
12:50
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
carry out those tactics.
12:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
As of the time of recording,
12:54
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
there are over 230 different techniques in there that
12:58
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
can be...
12:59
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
kind of used to gain intelligence and information and
13:03
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
some mitigation recommendations,
13:06
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
detection recommendations,
13:07
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
things like that.
13:09
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Each one of them has an explanation of what the technique is,
13:12
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
some examples of how it has been used,
13:15
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and like I said,
13:16
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
some mitigation and detection information as well.
13:20
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So let's go ahead and take a look at the
13:25
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
MITRE ATT&CK framework here.
13:27
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Switch over to...
13:29
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
that screen.
13:30
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And before I zoom in here,
13:33
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
just kind of give you an example to show kind of a high level overview
13:37
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
of it.
13:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
The techniques are listed here in,
13:40
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
or excuse me, the tactics are listed here in the column.
13:44
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So reconnaissance,
13:45
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
resource development,
13:46
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and so on.
13:47
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
A little hard to read.
13:48
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
I'll zoom in here in a second.
13:50
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And then each one of these individual cells is a different
13:54
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
technique for each one of these tactics.
13:57
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So let's go ahead and zoom in a bit here so it's a little readable.
14:03
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So the techniques,
14:05
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
reverse that,
14:06
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the tactics are broken down and kind of
14:10
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
go in order of how the attack
14:14
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
progresses.
14:15
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Think back to the cyber kill chain.
14:17
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So it starts with reconnaissance,
14:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
resource development,
14:20
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
initial access.
14:21
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We have one for execution,
14:23
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
persistence,
14:24
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
privilege escalation,
14:26
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and it goes all the way through over to the side here,
14:30
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
scrolling.
14:31
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Not zoomed in,
14:32
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you don't really need to scroll,
14:33
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
but zoomed in here we do need to.
14:34
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
All the way through lateral movement,
14:36
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
command and control,
14:37
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
exfil,
14:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
impact,
14:38
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
all of those.
14:39
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And each one of these has an individual technique that can
14:44
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
be used for each one
14:48
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
of these tactics.
14:49
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So let's go over here towards,
14:52
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
let's see,
14:53
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
let's take a look under initial access and phishing.
14:56
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
That's a very common technique that's...
15:00
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
used for initial access in any type of attack.
15:03
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And you'll see each one of these has kind of an ID associated with it.
15:07
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So the phishing here is T1566,
15:10
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
replication through removable media,
15:13
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
T1091,
15:15
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and so forth.
15:16
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So each of them has a unique ID.
15:18
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
When you go into,
15:19
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
we'll take a look, go in here into the phishing,
15:21
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
we have a lot of information provided to us.
15:24
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So we have on the side here,
15:26
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the ID, some sub techniques,
15:28
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
some individual specific ways that phishing can be carried
15:33
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
out, what tactic it falls into,
15:35
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
what platforms this applies to,
15:37
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
pretty much anything.
15:38
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And then some just kind of metadata about who worked
15:42
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
on it and dates and everything and things like that.
15:45
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So we have a,
15:46
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
we can expand our sub techniques in here and we can see we
15:50
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
have attachments, links,
15:51
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
services,
15:52
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and voice as the sub technique.
15:55
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So we can get even more specific than just phishing.
15:58
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And we can go in here and see pretty similar information that we can see on the
16:02
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
phishing page.
16:03
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Kind of a brief summary of what it looks like.
16:06
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And then some examples of successful attacks that have
16:10
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
actually
16:12
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
used phishing.
16:13
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Obviously, there's a lot more attacks that have used phishing than just
16:17
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
these six,
16:18
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
but you know, you can only fit so much on a page.
16:20
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But if we go into,
16:22
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
we'll say we'll go into this INC Ransomware here,
16:25
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
we can click on the ID,
16:27
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and it gives us the information about the INC Ransomware by the
16:31
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
group that has carried it out.
16:33
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And again, we can dive down deeper into that as well to get information
16:37
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
on the group.
16:40
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And again, you can see all the techniques the individual group is
16:44
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
using as part of their attacks,
16:48
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and we see phishing is one of the techniques they use.
16:50
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We'll go back here to the phishing page.
16:53
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We can see,
16:54
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
again, lists of example attacks and groups that
16:58
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
have used phishing.
17:01
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Some recommended mitigations for phishing,
17:05
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, antivirus and malware,
17:06
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
network intrusion prevention,
17:09
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
content restriction,
17:11
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
user training is a big one as well,
17:13
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and then ways phishing can be detected.
17:16
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And we have,
17:17
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, the detections here are pretty generic detections,
17:20
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, application logs,
17:21
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
file creation,
17:22
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
network traffic,
17:23
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
but it has specific recommendations in here
17:27
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
for how this can work.
17:29
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So we're talking about
17:30
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
filtering based on DKIM and SPF,
17:32
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
which are two kind of methods of email protection and security.
17:36
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So it gets into a little more detail as far as
17:41
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
how it can be,
17:42
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
how this specific technique can be detected.
17:46
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And we go down and we have many different references that lead to various
17:51
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
different pages.
17:52
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And then depending on the date,
17:53
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
some of these may go to,
17:54
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know,
17:56
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
archive.org or something like that.
17:58
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Just depends.
17:59
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
But a lot of them are just,
18:00
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, articles about how a specific technique or,
18:03
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, whatever page we may happen to be on.
18:06
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
It doesn't need to specifically be a technique
18:10
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
that this is referencing.
18:12
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So for example,
18:13
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
let's go back and we'll scroll back up here.
18:16
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We'll go to the INC Ransomware here and we
18:20
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
can see we have groups that use this software,
18:24
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
which, you know,
18:25
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
makes sense because it is named after the actual group.
18:28
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And then again,
18:29
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
more references to articles about,
18:31
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, whatever page it is we happen to be on.
18:34
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So there is,
18:35
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, kind of source material backing up the information in
18:39
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
this tool as well.
18:41
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So the MITRE ATT&CK framework is a very useful tool
18:46
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
for performing research on various different
18:50
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
threat actors,
18:51
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
what techniques they use.
18:53
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So for example,
18:54
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
we can go into the threat group here.
18:56
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We can see all the techniques they used.
18:59
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We can see additional names this group may be called.
19:04
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
Keep scrolling down here,
19:05
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
find all the software that this threat actor may be using as part
19:10
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
of their attacks.
19:10
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
We have things like,
19:11
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, Tor,
19:12
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
PsExec,
19:13
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
and again,
19:15
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
more references to them that point to various different resources
19:19
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
on the internet.
19:20
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
So a lot of information that can be obtained
19:25
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
out of this tool.
19:27
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
And let's see,
19:28
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
a little hard to see right here.
19:30
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
I don't have a good way of zooming in on the address bar,
19:33
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
but it is attack.mitre.org.
19:37
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
MITRE being spelled M-I-T-R-E,
19:40
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
as you can see down here on their logo.
19:43
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
attack, just the word attack,
19:45
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
not using the ampersand symbol,
19:47
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
attack.mitre.org is how you can get to this tool
19:51
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
to kind of,
19:52
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
you know, research a little bit on your own,
19:54
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
various different threat actor groups,
19:57
S… Speaker 2 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
the techniques they used,
20:00
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
they use and ways to be able to detect these specific
20:04
S… Speaker 1 (2026-04-07 01-22-58_Clip_Clip-02-01_Clip)
techniques and also mitigate them as well.
