Agenda | October 4, 2023 | 11AM - 2PM EDT
Schedule (EDT) | Description |
---|---|
11:00AM | Welcome and Opening Remarks. Matt Bromiley, Certified Instructor, SANS Institute |
11:10AM | Identity: The Attackers Lynchpin in the Hybrid Enterprise. In 2022 Vectra monitored over 1 million cloud identities across the globe. This visibility, combined with independent research, has unveiled the types of attacks and techniques attackers are currently using. In this session, we will report on the active techniques used to progress attacks against SaaS applications, including M365 and identity providers, so that you will be better prepared to stop future attacks. John Mancini, Group Product Manager, Vectra AI |
11:30AM | Lightning Round: Attacker Tradecraft: State-Sponsored Spear-Phishing with the Lazarus Cybercrime Group. During this lightning session, we'll dive into Lazarus Group techniques that target employees at pharmaceutical companies — a common theme throughout the pandemic in an attempt to steal proprietary patent information. This attack highlights that trend: an employee at a Global 500 company was targeted through social media to ultimately gain initial access. Payam Farazi, Director, Security Engineering, Vectra AI |
11:35AM | Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization. Attackers target Microsoft identities for access to applications and SaaS platforms, exploiting native functions over vulnerabilities. Nobelium, linked to SolarWinds, uses native tools like Federated Trusts for ongoing tenant access. This session will reveal an attacker leveraging another native function, enabling persistent access to a Microsoft cloud tenant using lateral movement and other tactics. This vector exploits misconfigured Cross-Tenant Sync, letting attackers breach connected tenants or establish rogue configurations. Arpan Sarkar, Technical Engineer - Threat Hunting, Vectra AI |
11:55AM | Lightning Round: Attacker Tradecraft: How Volt Typhoon Deploys "Living Off the Land" Techniques. Volt Typhoon emphasizes gathering information such as user credentials to assist with Living Off the Land (LOTL) techniques to maintain access. The actor attempts to leverage any privileges available on compromised devices and extract data to an AD account with attempts to authenticate to other devices on the network. Join our lightning session to learn more. Payam Farazi, Director, Security Engineering, Vectra AI |
12:00PM | The Art of Red Teaming: Best Practices and Insights. Choosing the right security assessment method can be intimidating as your attack surface grows. Penetration testing assesses vulnerabilities comprehensively, while red teaming provides a targeted, no-holds-barred approach. During this session, our experts will explore the role for both methods and their importance in securing your hybrid environments. Tom D'Aquino, Director, Security Validation, Vectra AI; Matt Bromiley, Certified Instructor, SANS Institute |
12:25PM | Break |
12:40PM | Bridging the Gap in Current Cloud Threat Detection Tools - Meet the DeRF. Introducing the DeRF (Detection Replay Framework) — a solution addressing gaps in cloud threat detection integration. Existing tools often lack flexibility and extensibility for evolving use cases and custom attack techniques. DeRF's key design choices include segregating infrastructure deployment and attack execution permissions, catering to expanding capabilities and user roles. It's highly extensible — featuring built-in attack techniques and easy customization via YAML files — without altering core functionality. Embrace DeRF to enhance cloud threat detection and seamlessly adapt to evolving security needs. Kat Trexler, Principal Security Researcher, Vectra AI |
1:05PM | Lightning Round: Attacker Tradecraft: Hybrid Cloud Attack Simulation Using a Zero-Day Exploit. As a leading R&D company specializing in advanced materials, FictoTech’s high-value intellectual property makes them a prime target for cyberattacks. This attack was initiated through a zero-day exploit that was left unpatched in an on-premises marketing server, where IT does not control software updates. Payam Farazi, Director, Security Engineering, Vectra AI |
1:10PM | Fighting Fire with Fire: How LLMs are Used to Attack and Defend Enterprises. During this session, we'll discuss the dual role of large language models (LLMs) in cybersecurity and how LLMs act as both assailants and protectors of enterprises, fundamentally reshaping security practices. Join us as we discuss the offensive and defensive applications of LLMs, shedding light on their transformative impact on cybersecurity. Sohrob Kazerounian, Distinguished AI Researcher, Vectra AI; Matt Bromiley, Certified Instructor, SANS Institute |
1:35PM | Keynote Session: Stopping Hybrid Attacks with Integrated Attack Signal. In the era of hybrid enterprises, SOC teams are constantly faced with more: More attack surface to cover. More alerts to manage. More analyst workload, burnout and turnover. But that doesn't have to be your story. During this session, we’ll show you how to break this daunting spiral of more to achieve SOC modernization and hybrid attack resilience. Kevin Kennedy, Senior Vice President - Product, Vectra AI |
2:00PM | Closing Remarks. Matt Bromiley, Certified Instructor, SANS Institute |