Artwork

Indhold leveret af Clint Marsden. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af Clint Marsden eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.
Player FM - Podcast-app
Gå offline med appen Player FM !

Episode 7 - Defending Against Scattered Spider: Understanding Their Tactics, Techniques, and Procedures

17:07
 
Del
 

Manage episode 425641123 series 3578563
Indhold leveret af Clint Marsden. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af Clint Marsden eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.

Send us a text

In todays episode of TLP - Traffic Light Protocol, Clint Marsden talks about Defending Against Scattered Spider: Understanding Their Tactics, Techniques, and Procedures.
Key Takeaways
Understanding Scattered Spider: Scattered Spider, also known as Roasted Octopus or Octo Tempest, utilizes various legitimate tools for malicious purposes.
Common Tools and Techniques: They employ tools for reconnaissance (PingCastle, ADRecon), credential dumping (Mimikatz, Lazagne), Remote access (Screen Connect, Team Viewer), and VPN (Tailscale).
Social Engineering Tactics: Their methods include impersonation, MFA fatigue (MFA bombing), and SIM swapping to gain access.
Persistence Mechanisms: They maintain access through methods like automatic account linking and adding additional MFA tokens
Defense Strategies: Implement strong identity verification, monitor for unusual activity, and educate users social engineering & smishing
Quotes
"By understanding their tactics, techniques, and procedures, or TTPs, you can better defend your network and improve its security posture."
"There's a lot of push on recognizing phishing emails and hovering over links and verifying the sender, but not enough focus on social engineering training for staff"
Action Points
Review Service Desk Processes: Ensure robust identity verification to prevent social engineering.
Monitor for Unusual Activity: Regularly audit and set up automated alerts for suspicious MFA changes or logins.
Educate Users: Conduct training on recognizing phishing and social engineering techniques.
Test Tools in a Lab: Use the mentioned tools to simulate attacks and improve defensive measures by analyzing security logs and infrastructure.
Mentioned Resources
Remote monitoring and management or RMM tools
Fleetdeck.io
Level.io
Ngrok Mitre Ref: [S0508]
Screenconnect
Splashtop
Teamviewer
Pulseway
Tactical RMM
Reconnaissance:
PingCastle - https://www.pingcastle.com/
ADRecon - https://github.com/sense-of-security/ADRecon
Advanced IP Scanner - https://www.advanced-ip-scanner.com/
Govmomi - https://github.com/vmware/govmomi
Cred dumpers:
Mimikatz - https://github.com/ParrotSec/mimikatz
Hekatomb - https://github.com/ProcessusT/HEKATOMB
Lazagne - https://github.com/AlessandroZ/LaZagne
gosecretsdump - https://github.com/C-Sto/gosecretsdump
smbpasswd.py - (as part of Impacket) - https://github.com/fortra/impacket/blob/master/examples/smbpasswd.py
LinPEAS - https://github.com/peass-ng/PEASS-ng/tree/master/linPEAS
ADFSDump - https://github.com/mandiant/ADFSDump
VPN:
Tailscale - Provides virtual private networks (VPNs) to secure network communications

  continue reading

16 episoder

Artwork
iconDel
 
Manage episode 425641123 series 3578563
Indhold leveret af Clint Marsden. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af Clint Marsden eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.

Send us a text

In todays episode of TLP - Traffic Light Protocol, Clint Marsden talks about Defending Against Scattered Spider: Understanding Their Tactics, Techniques, and Procedures.
Key Takeaways
Understanding Scattered Spider: Scattered Spider, also known as Roasted Octopus or Octo Tempest, utilizes various legitimate tools for malicious purposes.
Common Tools and Techniques: They employ tools for reconnaissance (PingCastle, ADRecon), credential dumping (Mimikatz, Lazagne), Remote access (Screen Connect, Team Viewer), and VPN (Tailscale).
Social Engineering Tactics: Their methods include impersonation, MFA fatigue (MFA bombing), and SIM swapping to gain access.
Persistence Mechanisms: They maintain access through methods like automatic account linking and adding additional MFA tokens
Defense Strategies: Implement strong identity verification, monitor for unusual activity, and educate users social engineering & smishing
Quotes
"By understanding their tactics, techniques, and procedures, or TTPs, you can better defend your network and improve its security posture."
"There's a lot of push on recognizing phishing emails and hovering over links and verifying the sender, but not enough focus on social engineering training for staff"
Action Points
Review Service Desk Processes: Ensure robust identity verification to prevent social engineering.
Monitor for Unusual Activity: Regularly audit and set up automated alerts for suspicious MFA changes or logins.
Educate Users: Conduct training on recognizing phishing and social engineering techniques.
Test Tools in a Lab: Use the mentioned tools to simulate attacks and improve defensive measures by analyzing security logs and infrastructure.
Mentioned Resources
Remote monitoring and management or RMM tools
Fleetdeck.io
Level.io
Ngrok Mitre Ref: [S0508]
Screenconnect
Splashtop
Teamviewer
Pulseway
Tactical RMM
Reconnaissance:
PingCastle - https://www.pingcastle.com/
ADRecon - https://github.com/sense-of-security/ADRecon
Advanced IP Scanner - https://www.advanced-ip-scanner.com/
Govmomi - https://github.com/vmware/govmomi
Cred dumpers:
Mimikatz - https://github.com/ParrotSec/mimikatz
Hekatomb - https://github.com/ProcessusT/HEKATOMB
Lazagne - https://github.com/AlessandroZ/LaZagne
gosecretsdump - https://github.com/C-Sto/gosecretsdump
smbpasswd.py - (as part of Impacket) - https://github.com/fortra/impacket/blob/master/examples/smbpasswd.py
LinPEAS - https://github.com/peass-ng/PEASS-ng/tree/master/linPEAS
ADFSDump - https://github.com/mandiant/ADFSDump
VPN:
Tailscale - Provides virtual private networks (VPNs) to secure network communications

  continue reading

16 episoder

Alle episoder

×
 
Loading …

Velkommen til Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Hurtig referencevejledning