Solar winds supply chain breach - Insights from the trenches

•Download as PPTX, PDF•

1 like•775 views

On December 13 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to immediately “disconnect or power down SolarWinds Orion products” as they were being actively exploited by malicious actors. Infosec Skills author and KM Cyber Security managing partner Keatron Evans is helping numerous clients respond to the breach and mitigate any potential damage. Join him as he discusses: -What we know about the breach so far -How his clients have responded to the incident -What to look for in your environment to see if you’ve been affected

Internet

Meet your
speaker
Keatron Evans
Guest speaker
Infosec instructor and managing partner
at KM Cyber Security

Agenda
�What happened?
�Immediate action you can take
�Industry responses
�Demo: Snort, memory forensics and Zeek
�Live Q & A

What happened?
● FireEye discovered a global attack targeting customers of SolarWinds’ Orion product line. We are tracking
the actors behind this campaign as UNC2452.
● The attack trojanized SolarWinds Orion business software updates in order to distribute malware called
SUNBURST.
● Post exploit activity including horizontal movement has been prevalent.
● The campaign is widespread, affecting public and private organizations around the world.
● FireEye is releasing signatures to detect this threat actor and supply chain attack in the wild. These are
found on our public GitHub page. FireEye products and services can help customers detect and block
this attack. https://github.com/fireeye/sunburst_countermeasures
Sources – FireEye www.fireeye.com, www.mcaffee.com

Key findings about malware so far
● Has interest in cloud services and wireless network
usage of victim
● Looks for Solarwinds tools that collect registrant email
addresses, time zone info, etc.
● Has Domain Generation Algorithm for sub-domain
generation for comms back to C2
Sources –
FireEye www.fireeye.com,
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/additional-analysis-into-the-sunburst-backdoor/

Responding to the incident
● What horizontal movements are detectable
● Patterns that may not be talked about in the
public domain yet
● Implementing countermeasures and IOC search
criteria with Snort from scratch

Take action immediately
● Go to FireEye Github and get the IOC’s
and countermeasures
● Implement in your environment
● Check with your preferred security
vendors
● Keep up to date on new developments

Some industry responses
FireEye
● Published IOC's for everyone to use
● Published recommend steps to recovery
● Basically provided free Incident Response Advisory Services to the world
Microsoft
● Invalidated malware certificates
● Sinkholed one of the main CnC domains
● Updated Windows Defender to look for Sunburst

Some industry responses
McAfee
● Sharing detailed reverse engineered intelligence
● Updated in real time
Others in the industry
● Other associates/responders
● My personal network
● Countless MSSP’s, SIEM vendors, etc.
● Contributions are growing by the minute

Keep your skills sharp
Want to learn Snort, Zeek, memory
forensics and other pertinent skills?
Subscribe to Infosec Skills using
Keatron’s code “evans50” to save
50% on your first month or first
year.
infosecinstitute.com/skills

Keep in
touch
Keatron Evans
linkedin.com/in/keatronevans
kevans@kmcybersecurity.com
Infosec
linkedin.com/company/infosec-institute
www.infosecinstitute.com

About us
Infosec believes knowledge is power when fighting
cybercrime. We help IT and security professionals advance
their careers with skills development and certifications
while empowering all employees with security awareness
and privacy training to stay cyber-safe at work and home.
www.infosecinstitute.com

In this webinar you’ll gain the insights you need to solve business problems proactively with IT Service (ITSM) and IT Asset Management (ITAM) working together. Our panel of speakers will discuss real-world use cases where combining ITSM and ITAM processes, data and insights can be part of an overall plan to maximize operational efficiencies and improve service delivery, while also optimizing compliance and cost.

PaloAlto Enterprise Security Solution

Prime Infoserv

The Seismic Impact of the SolarWinds Hack

Nicole Fucile-Borsian

Vapt pci dss methodology ppt v1.0

Network Intelligence India

2021/0/15 - Solarwinds supply chain attack: why we should take it sereously

Sirris

Security Strategy and Tactic with Cyber Threat Intelligence (CTI)

Priyanka Aash

Threat hunting 101 by Sandeep Singh

OWASP Delhi

Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task. Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.

Cyber Threat Hunting Workshop

Digit Oktavianto

Penetration Testing Basics

Rick Wanner

DFIR

Kblblkb

MITRE ATT&CK framework

Bhushan Gurav

Solving the Asset Management Challenge for Cybersecurity (It’s About Time)

Enterprise Management Associates

Despite the amazing technologies available today in cybersecurity, organizations still struggle with the most fundamental challenge that has been around for decades: understanding all the devices, users, and cloud services they’re responsible for, and whether those assets are secure. These slides—based on the webinar hosted by leading IT research firm EMA and Axonius—explain why solving asset management for cybersecurity is becoming increasingly important, and why something so fundamental has quickly risen to the top of CISOs priority lists.

Security Operations Center (SOC) Essentials for the SME

AlienVault

Closing the gaps in security controls, systems, people and processes is not an easy feat, particularly for IT practitioners in smaller organizations with limited budgets and few (if any) dedicated security staff. So, what are the essential security capabilities needed to establish a security operations center and start closing those gaps? Join Javvad Malik of 451 Research and Patrick Bedwell, VP of Product Marketing at AlienVault for this session covering: *Developments in the threat landscape driving a shift from preventative to detective controls *Essential security controls needed to defend against modern threats *Fundamentals for evaluating a security approach that will work for you, not against you *How a unified approach to security visibility can help you get from install to insight more quickly

Secure SDLC Framework

Rishi Kant

Security operation center (SOC)

Ahmed Ayman

Qradar - Reports.pdf

PencilData

Scalar Security Roadshow - Calgary Presentation

Scalar Decisions

Gartner recently released a report on IT security priorities for the remainder of 2014. Amongst respondents, network security, application security, endpoint security, and security services all ranked highly. In this quick-fire, half-day roadshow, Scalar brings you solutions to these problems from three of our most strategic security vendors, as well as a full presentation on our managed security services portfolio.

Scalar Security Roadshow - Vancouver Presentation

Scalar Decisions

What's hot

4_Session 1- Universal ZTNA.pptx

aungyekhant1

Threat Hunting

Splunk

Deception technology for advanced detection

Jisc

Bsides 2019 - Intelligent Threat Hunting

Dhruv Majumdar

MITRE ATT&CK Framework

n|u - The Open Security Community

Supply Chain Attacks

Lionel Faleiro

SIEM Primer:

Anton Chuvakin

SOC and SIEM.pptx

SandeshUprety4

Security Information and Event Management (SIEM)

hardik soni

Threat hunting - Every day is hunting season

Ben Boyd

Next-Gen security operation center

Muhammad Sahputra

Cyber Threat Hunting Workshop

Digit Oktavianto

Penetration Testing Basics

Rick Wanner

DFIR

Kblblkb

MITRE ATT&CK framework

Bhushan Gurav

Solving the Asset Management Challenge for Cybersecurity (It’s About Time)

Enterprise Management Associates

Security Operations Center (SOC) Essentials for the SME

AlienVault

Secure SDLC Framework

Rishi Kant

Security operation center (SOC)

Ahmed Ayman

Qradar - Reports.pdf

PencilData

What's hot (20)

4_Session 1- Universal ZTNA.pptx

Threat Hunting

Deception technology for advanced detection

Bsides 2019 - Intelligent Threat Hunting

MITRE ATT&CK Framework

Supply Chain Attacks

SIEM Primer:

SOC and SIEM.pptx

Security Information and Event Management (SIEM)

Threat hunting - Every day is hunting season

Next-Gen security operation center

Cyber Threat Hunting Workshop

Penetration Testing Basics

DFIR

MITRE ATT&CK framework

Solving the Asset Management Challenge for Cybersecurity (It’s About Time)

Security Operations Center (SOC) Essentials for the SME

Secure SDLC Framework

Security operation center (SOC)

Qradar - Reports.pdf

Similar to Solar winds supply chain breach - Insights from the trenches

Scalar Security Roadshow - Calgary Presentation

Scalar Decisions

Scalar Security Roadshow - Vancouver Presentation

Scalar Decisions

Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.

Application security meetup 27012021

lior mazor

Join us on our upcoming BYOP (Bring Your Own Pizza) "Application Security Meetup" to hear about the latest cyber security breaches, trends and technologies in modern application development. Agenda: 17:00 - 17:10 - Opening words - by Lior Mazor (Organizer) 17:10 - 17:35 - 'Recent cyber security attacks in Israel' - by Lior Mazor (Organizer) 17:35 - 18:00 - ‘How to deliver a secure product’ - by Michael Furman (Tufin) 18:00 - 18:30 - 'Hacking serverless - Introduction to Serverless Application Security' - by Yossi Shenhav (Komodo) 18:30-19:00 - ‘Post Apocalypse: Exploiting web messaging implementations’ - by Chen Gour-Arie (enso security)

How can you deliver a secure product

Michael Furman

Scalar Security Roadshow - Ottawa Presentation

Scalar Decisions

Protecting endpoints from targeted attacks

AppSense

On this AppSense webinar, guest speaker Chris Sherman, Forrester Research analyst, shared five principles for an effective endpoint security strategy. Anti-virus software isn't enough anymore. Dan O'Farrell, Sr. Director of Product Marketing for Cloud Computing at Dell, shared how highly-regulated industries have embraced VDI to increase security and reduce costs. And Bassam Khan discussed how AppSense offers privilege management with just-in-time self-elevation and application control through trusted ownership. This allows you to manage and secure your endpoints while providing a great user experience. And our latest product, AppSense Insight, offers endpoint analytics. Contact us to request a demo at iwanttoknowmore@appsense.com.

Journey to the Cloud: Securing Your AWS Applications - April 2015

Alert Logic

James Brown, Director of Cloud Computing & Security Architecture, Alert Logic covers: • The shared security model: what security you are responsible for to protect your content, applications, systems and networks vs AWS. • Overview of the OWASP Top 10 most critical web application security risks (such as SQL injections) • Best practices for how to protect your environment from the latest threats

Software Supply Chain Attacks (June 2021)

TzahiArabov

Current Article Review1. Locate a current article about Regul.docx

annettsparrow

Current Article Review 1. Locate a current article about Regulations that has been published within the last 6 months. 2. Provide a Link to the article or attach a copy of the article. 3. Complete the Summary information below and post this to the discussion board to share your research with your peers. 4. Post the title of your article and the link to our class discussion Page. Once an article is listed on the discussion page it cannot be submitted again by another student. Title of the article Topic Author Publisher Date of publication Link to Article Main idea of the article: Information presented: List at least five points made by the author 1. 2. 3. 4. 5. Response to the article: Adjust your audio This is a narrated slide show. Please adjust your audio so you can hear the lecture. If you have problems hearing the narration on any slide show please let me know. © ITT Educational Services, Inc. All rights reserved. 1 Security Strategies in Windows Platforms and Applications Chapter 1 Microsoft Windows and the Threat Landscape © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. © ITT Educational Services, Inc. All rights reserved. 2 Learning Objective and Key Concepts Learning Objective Explain information security and how it applies to the Microsoft Windows operating systems. Key Concepts Information security Microsoft Windows and the typical IT infrastructure Anatomy of Microsoft Windows systems and their application vulnerabilities Page ‹#› Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 3 Where You’ll Find Microsoft Windows All vertical markets 90% workstation computers 50% server computers 9% mobile devices 1% super computers Page ‹#› Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 4 Defense In Depth The Total Environment Physical Security Desktop Security Server Security Network Security Page ‹#› Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 5 Security Controls Administrative Controls Technical Controls (logical) Physical Controls Page ‹#› Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 6 The C-I-A Triad Confidentiality Integrity Availability Page ‹#› Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. 7 Seven Domains of a Typical IT Infrastructure Page ‹#› Security Strategies in Windows Platforms and Appl.

Post Wannacry Update

Thomas Springer

Behind the Curtain: Exposing Advanced Threats

Cisco Canada

Today's advanced threats hide in plain sight, patiently waiting to strike, challenging security teams to track their progress across their network and endpoints. Meanwhile, executive and board-level reporting requirements are increasing as leadership demands in-depth answers that are unavailable from today’s block/allow security tools. With 55% of organizations unable to identify the origin of their last security breach, it’s time to stop relying on tools that define security based on what they see ‘out there’ and instead hunt for threats by tracking files, file relationships, and both endpoint and network behavior ‘in here’—inside your environment. In the first part of this interactive session, learn how Cisco’s Advanced Malware Protection (AMP) solutions use big data analytics to compare a real-time, dynamic history of your environment to the global threat landscape, automatically uncovering and blocking advanced threats before they strike. Then watch workflow examples demonstrating how your security team can use this advanced visibility and control to dramatically improve their efficiency and finally deliver the business 100% confidence answers.

Threat Hunting - Moving from the ad hoc to the formal

Priyanka Aash

In order to effectively defend your organization, you must think about the offensive strategy as well. But before we get ahead of ourselves let’s talk briefly about the building blocks of a good offense. First is an architecture that is built around a security policy that is aligned with the business risk. Risk must be understood and a cookie cutter approach must be avoided here because again every organization is different and so are their risks.

Cybersecurity Concerns You Should be Thinking About

Advanced Technology Consulting (ATC)

Threats have increased exponentially. Current indicators show a massive increase in threat vectors as a result of COVID-19. What makes this more unsettling is the fact that most ransomware will remain dormant for months before activating. Check out this presentation with ATC provider, TPx. Topics covered during this virtual event include: firewall security, firewall software, endpoints, malware, backups and DR, managed security services and TPx MSx.

Becoming Secure By Design: Questions You Should Ask Your Software Vendors

SolarWinds

Understanding Your Attack Surface and Detecting & Mitigating External Threats

Ulf Mattsson

Understanding Your Attack Surface and Detecting & Mitigating External Threats Description : Organizations have spent massive amounts of money to protect the perimeter of their networks, but if your business exists on the internet, there really is no perimeter. In this presentation, we'll discuss Digital Footprints in understanding your company’s external attack surface. We will discuss social, mobile, web attacks and analyze and review lessons learned recently publicized attacks (Polish banking institutions, Apache Struts Vulnerability or WannaCry ransomware. The speed of business and cybercrime isn't slowing down, so how can you be prepared to address and defend against these types of threats? Attend our session to find out how. Reducing Your Digital Attack Surface and Mitigating External Threats - What, Why, How: What is a Digital Footprint? Breakdown of External Threats (Social, Mobile, Web) What are blended attacks? What is actually being targeting at your company? How are your brands, customers, and employees being attack outside of your company? How to become proactive in threat monitoring on the internet? Considerations in External Threat solutions Threat correspondence tracking considerations Is legal cease and desist letters adequate in stopping attacks? Examination of a phishing attack campaign How phishing kits work Analysis and lesson learned from recent published attacks What are the most important capability in a digital risk monitoring solution?

Why You'll Care More About Mobile Security in 2020

tmbainjr131

Why You’ll Care More About Mobile Security in 2020 - Tom Bain

EC-Council

What is “mobile security?” Seriously, what is it? Is it hardening controls, policy enforcement, knowing how to test mobile apps, mobile antivirus? And how do I map mobile security into an enterprise security strategy? A year later, it’s still as ubiquitous as it has ever been. However with the sophistication of device-based attacks and with the sheer volume of mobile malware exploding, mobile security maintains its status as a major pain point and a critical element you have to consider when building a security program. Given the research available and the increasing threatscape, mobile security preparedness predicated on managing the strategy is a better option than reactionary measures. What’s new in 2015 is there is more sufficient evidence that mobile attacks will further penetrate enterprise systems based on the increase of mobile device ‘involvement’ in many major hacks (not necessarily root cause traced to devices or compromised mobile apps) This presentation will discuss the key trends impacting mobile security and will lay out an updated set of building blocks to produce a holistic mobile security model: from BYOD to mobile policy development to MDM; common and emerging exploits and targeted malware; the myriad of possible mitigations; and the notion of trusted software vs device-specific consideration. Additionally, before we look at policy implementation best practices, we’ll look at a few key use cases and review a few sample enterprise models to learn how some of top organizations are managing mobile security. Finally, the presentation will take a five-year look outward to determine what impact mobile security will have long-term.

TrendMicro - Security Designed for the Software-Defined Data Center

VMUG IT

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Manoj Purandare ☁

Similar to Solar winds supply chain breach - Insights from the trenches (20)

Scalar Security Roadshow - Calgary Presentation

Scalar Security Roadshow - Vancouver Presentation

Reacting to Advanced, Unknown Attacks in Real-Time with Lastline

Application security meetup 27012021

How can you deliver a secure product

Scalar Security Roadshow - Ottawa Presentation

Protecting endpoints from targeted attacks

Journey to the Cloud: Securing Your AWS Applications - April 2015

Software Supply Chain Attacks (June 2021)

Current Article Review1. Locate a current article about Regul.docx

Post Wannacry Update

Behind the Curtain: Exposing Advanced Threats

Threat Hunting - Moving from the ad hoc to the formal

Cybersecurity Concerns You Should be Thinking About

Becoming Secure By Design: Questions You Should Ask Your Software Vendors

Understanding Your Attack Surface and Detecting & Mitigating External Threats

Why You'll Care More About Mobile Security in 2020

Why You’ll Care More About Mobile Security in 2020 - Tom Bain

TrendMicro - Security Designed for the Software-Defined Data Center

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

More from Infosec

AWS Certified DevOps Engineer: What it is and how to get certified

Infosec

Watch the full webinar here: https://www.infosecinstitute.com/webinar/aws-certified-devops-engineer-what-it-is-and-how-to-get-certified/ Cloud infrastructure is the backbone of many organizations and services, and DevOps engineers are the professionals tasked with ensuring those systems are responsive, available, scalable and secure. The AWS Certified DevOps Engineer – Professional certification validates your skills in provisioning, operating and managing distributed AWS cloud systems. Join us on March 27 at 11 a.m. Central to learn how this AWS certification can benefit your career — and what to expect in the first-ever live AWS boot camps from Infosec. In less than 30 minutes, you’ll learn: - What’s on the AWS Certified DevOps Engineer exam (DOP-C02) - Career paths AWS certification holders - Ways you can train and get certified - Plus Q&A from live attendees

AWS Cloud Operations Administrator: What it is and how to get certified

Infosec

Watch the webinar here: https://www.infosecinstitute.com/webinar/aws-certified-sysops-administrator/ As the AWS cloud market continues to expand, professionals are needed to administer those systems. AWS Certified Cloud Operations Administrator training prepares you to earn your AWS Certified SysOps Administrator certification — and validates your skills in deploying, managing and operating AWS workloads. Join us to learn how this AWS certification can benefit your IT and cybersecurity career — and what to expect in the first-ever live AWS boot camps from Infosec. In less than 30 minutes, you’ll learn: - What’s on the AWS Certified Cloud Operations/SysOps Administrator exam (SOA-C02) - Career paths AWS certification holders - Ways you can train and get certified

AWS Certified Security - Specialty: What it is and how to get certified

Infosec

Watch the webinar: https://www.infosecinstitute.com/webinar/aws-certified-security---specialty-what-it-is-and-how-to-get-certified/ Cloud security skills are among the most in-demand in 2024, and if you work in the cloud, there’s a good chance it involves AWS. The AWS Certified Security - Specialty certification validates your skills in creating and implementing AWS cloud security solutions. Join us on March 13 at 11 a.m. Central to learn how this AWS certification can benefit your cybersecurity career — and what to expect in the first-ever live AWS boot camps from Infosec. In less than 30 minutes, you’ll learn: - What’s on the AWS Certified Security exam (SCS-C02) - Career paths AWS certification holders - Ways you can train and get certified - Plus Q&A from live attendees

AWS Certified Solutions Architect Webinar.pptx

Infosec

Watch the webinar here: https://www.infosecinstitute.com/webinar/aws-certified-solutions-architect-what-it-is-and-how-to-get-certified/ Amazon Web Services (AWS) is the market leader for cloud infrastructure, and the AWS Certified Solutions Architect – Associate certification validates your knowledge and skills in designing secure, resilient, high-performing and cost-optimized architectures. Join us to learn how this AWS certification can benefit your career — and what to expect in the first-ever live AWS boot camps from Infosec. In less than 30 minutes, you’ll learn: What’s on the AWS Certified Solutions Architect exam (SOA-C02) Career paths AWS certification holders Ways you can train and get certified This webcast is part of the Infosec AWS Training Series: https://www.infosecinstitute.com/resources/?q=aws&Type=Webcast+and+video

Infosec and AWS - A new way to train for your AWS certification (1).pptx

Infosec

Watch the webinar: https://www.infosecinstitute.com/webinar/infosec-and-aws-a-new-way-to-train-for-your-aws-certification/ Amazon Web Services (AWS) certifications are some of the most pursued in the IT and cybersecurity industry, by both employers and professionals. And now, there’s a new way to train for them with Infosec. Join us to learn about the new partnership between AWS and Infosec, making Infosec an authorized live boot camp training provider for AWS certifications. You’ll learn: - How AWS certification can boost your career - Which AWS certification is right for you - How the new AWS live boot camps will work - Plus Q&A from live attendees This webcast is part of the Infosec AWS Training Series: https://www.infosecinstitute.com/resources/?q=aws&Type=Webcast+and+video

How AI and ChatGPT are changing cybersecurity forever.pptx

Infosec

Watch the full webinar (and demo) here: https://www.infosecinstitute.com/webinar/how-chatgpt-and-ai-are-changing-cybersecurity-forever/ Artificial intelligence (AI) technologies are reshaping both how cybersecurity is done and how people learn cybersecurity. In this live demonstration, Infosec’s Keatron Evans will demonstrate how you can use ChatGPT to perform cybersecurity functions and teach yourself new skills — right now. Join us on February 23 at 11 a.m. Central to get a practical, hands-on approach around how to use AI for your cybersecurity needs. You’ll learn: - How malicious actors use AI tools like ChatGPT - Ways for cybersecurity professionals to get started with AI - How AI tools can help you learn quicker and better - Plus Q&A from live attendees

2023.06 - CompTIA Security+ Everything you need to know about the new exam .pptx

Infosec

Watch the webinar here: https://www.infosecinstitute.com/webinar/comptia-security-everything-you-need-to-know-about-the-sy0-701-update/ CompTIA’s Security+, the most popular cybersecurity certification in the world, is getting an overhaul! The updated exam (from SY0-601 to SY0-701) re-aligns the certification to match the most in-demand entry-level cybersecurity skills and trends heading into 2024. Join Patrick Lane, Director of Certification Product Management at CompTIA, to learn how the Security+ certification is evolving so it remains the “go-to” certification for anyone trying to break into cybersecurity. You’ll learn about: - Evolving Security+ domain areas and job skills - Common job roles for Security+ holders - SY0-601 and SY0-701 exam timelines - Tips to pass the updated Security+ exam - Plus Security+ questions from live viewers

NCSAM 2023 Webinar.pptx

Infosec

Learn how to roll out a successful Cybersecurity Awareness Month program that boosts employee engagement all October (and beyond). Join Infosec’s Emma Waite and Camille Raymond to learn: - What employee-related risk data is needed to quantify success - How to communicate your NCSAM plans to stakeholders - The content and cadence appropriate to drive engagement - Creative ways organizations are celebrating NCSAM - How to continue the momentum after October

CompTIA CySA+ certification (CS0-003) changes: Everything you need to know

Infosec

Watch the webinar here: https://www.infosecinstitute.com/webinar/comptia-cysa-certification-changes-everything-you-need-to-know/ Information security analyst is one of the fastest-growing job categories in the U.S., with 35 percent overall growth expected by 2031. CompTIA’s Cybersecurity Analyst+ (CySA+) is one of the most popular certifications related to the role — and it’s getting an update in 2023 to align with the most in-demand knowledge and skills requested by employers. Join Patrick Lane, Director of Certification Product Management at CompTIA, to learn everything you need to know about the latest CySA+ certification and exam (CS0-003) updates, including: - Evolving security analyst job skills - Common job roles for CySA+ holders - What’s changed from CS0-002 to CS0-003 - Tips to pass the updated CySA+ exam - Plus CySA+ questions from live viewers

Skills training value: How to differentiate your staff and your organization ...

Infosec

Watch the full webinar here: https://event.on24.com/wcc/r/4125122/E0E3F3F43BABD48134E3909C4577F5EA Hiring skilled people is hard. Once you get them, you want to retain them — and increase their value to your customers. Save your spot to learn more about: - Challenges with getting and retaining internal talent - How better skillsets affect margin/profitability - Using Infosec Skills to attract highest-quality hires - Using Infosec Skills to upskill your internal team - Reselling Infosec Skills to your end-user

Learning ≠ Education: How people really learn and what it means for security ...

Infosec

Emotion and passion are the two most essential elements in understanding how people learn. Often, the initial response to security threats is throwing technology at the problem. But as we know, you can’t fix all of your security issues without understanding the role humans play in the process. Join Nick Shackleton-Jones — 30-year learning and development vet, Former CLO at Deloitte UK and CEO and Founder of Shackleton Consulting — to better understand: - The difference between learning and education - What really drives how employees learn - How to develop a growth mindset that truly changes employee behavior Watch the full webcast here: https://www.infosecinstitute.com/webinar/adult-learning-security/

Security awareness training - 4 topics that matter most

Infosec

National Cybersecurity Awareness Month (NCSAM) is right around the corner. Now’s the time to level up your security awareness training program — and instill best practices in employees that will help keep them (and your organization) secure year-round. Join us to learn about the four key employee behaviors for NCSAM 2022. All registrants will receive a free Cybersecurity Awareness Month Toolkit, which includes: 1 training module & assessment 5 posters & infographics 1 employee presentation 4 email templates And more

Join the hunt: Threat hunting for proactive cyber defense.pptx

Infosec

As threat hunters, you already know staying ahead of the adversary demands a proactive approach to threat detection and response. Don your virtual threat hunting gear and join Infosec Principal Security Researcher Keatron Evans as he goes sleuthing for cyber threats. Join us for practical threat hunting insights and career recommendations, including: Threat hunting knowledge and skills to accelerate your career How to help clients navigate the threat hunting toolbox and prioritize technology investments Live demos of notoriously hard-to-detect adversarial behavior like memory-only malware and living-off-the-land techniques One lucky attendee will win a free year of Infosec Skills. Complete the form to save your seat! P.S. Don’t miss our novice-level threat hunting session: Threat hunting foundations: People, process and technology.

Threat hunting foundations: People, process and technology.pptx

Infosec

Ever wonder what threat hunting is all about? Join Infosec Principal Security Researcher Keatron Evans as he breaks down the basics of what it’s like to have a career hunting down potential cyber threats. Join us on for an inside look at a day in the life of a threat hunter, including: Why threat hunters are more critical today than ever before Knowledge and skills needed to drive threat hunting success Live demos of essential threat hunting skills and tools used to detect and mitigate adversarial behavior One lucky attendee will win a free year of Infosec Skills. Complete the form to save your seat! P.S. Want to go even deeper into threat hunting? Don’t miss our advanced threat hunting session on June 28, Join the hunt: Threat hunting for proactive cyber defense.

How to do application security right

Infosec

It’s been more than a decade since Marc Andreessen popularized the idea that “every company needs to become a software company.” But in 2022, just being a software company isn’t enough; you need to become a secure software company. That’s why Ted Harrington created a new Infosec Skills learning path based on his best-selling book, “Hackable: How to Do Application Security Right.” Whether you create code, secure systems or manage organizational risk, understanding application security has become a must-have skill. Join us to learn how to: Avoid common application security mistakes Implement best practices to secure software systems Create the business case for security as a competitive edge Plus, get your live questions answered by Ted Every registrant will get a free copy of Ted’s new ebook, “How to secure your software faster and better.”

A public discussion about privacy careers: Training, certification and experi...

Infosec

The word privacy can have so many meanings. Whether personal, professional or procedural, privacy can be a state of being, an action that requires compliance or a created space of safety. Join Infosec Skills authors Chris Stevens, John Bandler and Ralph O’Brien as they discuss the intersection of privacy and cybersecurity. They’ll help you walk a path that will lead to an engaging career as a privacy specialist — a job role that grows with more opportunities year after year! The panel will discuss: Privacy as it relates to cybersecurity Privacy certifications that align with your career path Best practices for studying for IAPP certification exams Tips for getting experience in the field of privacy Interviewing for the privacy position you’ve been searching for Plus your live questions on privacy as a career

Learn intrusion detection: Using Zeek and Elastic for incident response

Infosec

Intrusion detection is a foundational skill for many cybersecurity careers. Learn how intrusion detection works in action in this live webcast. Then take these free intrusion detection system (IDS) tools and start building your skills. Join Infosec Skills author Mark Viglione on March 8 at 11 a.m. CST to learn all about: What is intrusion detection? How intrusion detection fits into different career paths Live demo of Zeek for log analysis Live demo of Elastic SIEM for incident response Plus your live intrusion detection and career questions

Get started in cybersecurity in 2022

Infosec

CompTIA PenTest+: Everything you need to know about the exam

Infosec

CompTIA CASP+ | Everything you need to know about the new exam

Infosec

More from Infosec (20)

AWS Certified DevOps Engineer: What it is and how to get certified

AWS Cloud Operations Administrator: What it is and how to get certified

AWS Certified Security - Specialty: What it is and how to get certified

AWS Certified Solutions Architect Webinar.pptx

Infosec and AWS - A new way to train for your AWS certification (1).pptx

How AI and ChatGPT are changing cybersecurity forever.pptx

2023.06 - CompTIA Security+ Everything you need to know about the new exam .pptx

NCSAM 2023 Webinar.pptx

CompTIA CySA+ certification (CS0-003) changes: Everything you need to know

Skills training value: How to differentiate your staff and your organization ...

Learning ≠ Education: How people really learn and what it means for security ...

Security awareness training - 4 topics that matter most

Join the hunt: Threat hunting for proactive cyber defense.pptx

Threat hunting foundations: People, process and technology.pptx

How to do application security right

A public discussion about privacy careers: Training, certification and experi...

Learn intrusion detection: Using Zeek and Elastic for incident response

Get started in cybersecurity in 2022

CompTIA PenTest+: Everything you need to know about the exam

CompTIA CASP+ | Everything you need to know about the new exam

Recently uploaded

Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines

Sanjeev Rampal

Talk presented at Kubernetes Community Day, New York, May 2024. Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics. 1) Key patterns for Multi-cluster architectures 2) Architectural comparison of several OSS/ CNCF projects to address these patterns 3) Evolution trends for the APIs of these projects 4) Some design recommendations & guidelines for adopting/ deploying these solutions.

急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样

3ipehhoa

原版纸张【微信：741003700 】【(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单】【微信：741003700 】学位证，留信认证（真实可查，永久存档）offer、雅思、外壳等材料/诚信可靠,可直接看成品样本，帮您解决无法毕业带来的各种难题！外壳，原版制作，诚信可靠，可直接看成品样本。行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题，包您满意。本公司拥有海外各大学样板无数，能完美还原海外各大学 Bachelor Diploma degree, Master Degree Diploma 1:1完美还原海外各大学毕业材料上的工艺：水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700 留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才

History+of+E-commerce+Development+in+China-www.cfye-commerce.shop

laozhuseo02

一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理

ufdana

CSU毕业证原版定制【微信：176555708】【加利福尼亚州立大学毕业证成绩单-学位证】【微信：176555708】（留信学历认证永久存档查询）采用学校原版纸张、特殊工艺完全按照原版一比一制作（包括：隐形水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠，文字图案浮雕，激光镭射，紫外荧光，温感，复印防伪）行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备，十五年致力于帮助留学生解决难题，业务范围有加拿大、英国、澳洲、韩国、美国、新加坡，新西兰等学历材料，包您满意。 ◆◆◆◆◆ — — — — — — — — 【留学教育】留学归国服务中心 — — — — — -◆◆◆◆◆ 【主营项目】一.毕业证【微信：176555708】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等！二.真实使馆公证(即留学回国人员证明,不成功不收费) 三.真实教育部学历学位认证（教育部存档！教育部留服网站永久可查）四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度) 如果您处于以下几种情况： ◇在校期间，因各种原因未能顺利毕业……拿不到官方毕业证【微信：176555708】 ◇面对父母的压力，希望尽快拿到； ◇不清楚认证流程以及材料该如何准备； ◇回国时间很长，忘记办理； ◇回国马上就要找工作，办给用人单位看； ◇企事业单位必须要求办理的 ◇需要报考公务员、购买免税车、落转户口 ◇申请留学生创业基金留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分→ 【关于价格问题（保证一手价格）我们所定的价格是非常合理的，而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子我给客户的都是第一手的代理价格，因为我想坦诚对待大家不想跟大家在价格方面浪费时间对于老客户或者被老客户介绍过来的朋友，我们都会适当给一些优惠。 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才选择实体注册公司办理，更放心，更安全！我们的承诺：可来公司面谈，可签订合同，会陪同客户一起到教育部认证窗口递交认证材料，客户在教育部官方认证查询网站查询到认证通过结果后付款，不成功不收费！学历顾问：微信：176555708

This 7-second Brain Wave Ritual Attracts Money To You.!

nirahealhty

Internet-Security-Safeguarding-Your-Digital-World (1).pptx

VivekSinghShekhawat2

# Internet Security: Safeguarding Your Digital World In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world. ## Understanding Internet Security Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale. ### Key Components of Internet Security 1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it. 2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties. 3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed. ## Common Internet Security Threats Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include: ### Malware Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include: - **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files. - **Worms**: Standalone malware that replicates itself to spread to other computers. - **Trojan Horses**: Malicious software disguised as legitimate software. - **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key. - **Spyware**: Software that secretly monitors and collects user information. ### Phishing Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information. ### Man-in-the-Middle (MitM) Attacks MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information. ### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks

Latest trends in computer networking.pptx

JungkooksNonexistent

How to Use Contact Form 7 Like a Pro.pptx

Gal Baras

The+Prospects+of+E-Commerce+in+China.pptx

laozhuseo02

一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理

keoku

SLU毕业证原版定制【微信：176555708】【圣路易斯大学毕业证成绩单-学位证】【微信：176555708】（留信学历认证永久存档查询）采用学校原版纸张、特殊工艺完全按照原版一比一制作（包括：隐形水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠，文字图案浮雕，激光镭射，紫外荧光，温感，复印防伪）行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备，十五年致力于帮助留学生解决难题，业务范围有加拿大、英国、澳洲、韩国、美国、新加坡，新西兰等学历材料，包您满意。 ◆◆◆◆◆ — — — — — — — — 【留学教育】留学归国服务中心 — — — — — -◆◆◆◆◆ 【主营项目】一.毕业证【微信：176555708】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等！二.真实使馆公证(即留学回国人员证明,不成功不收费) 三.真实教育部学历学位认证（教育部存档！教育部留服网站永久可查）四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度) 如果您处于以下几种情况： ◇在校期间，因各种原因未能顺利毕业……拿不到官方毕业证【微信：176555708】 ◇面对父母的压力，希望尽快拿到； ◇不清楚认证流程以及材料该如何准备； ◇回国时间很长，忘记办理； ◇回国马上就要找工作，办给用人单位看； ◇企事业单位必须要求办理的 ◇需要报考公务员、购买免税车、落转户口 ◇申请留学生创业基金留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分→ 【关于价格问题（保证一手价格）我们所定的价格是非常合理的，而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子我给客户的都是第一手的代理价格，因为我想坦诚对待大家不想跟大家在价格方面浪费时间对于老客户或者被老客户介绍过来的朋友，我们都会适当给一些优惠。 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才选择实体注册公司办理，更放心，更安全！我们的承诺：可来公司面谈，可签订合同，会陪同客户一起到教育部认证窗口递交认证材料，客户在教育部官方认证查询网站查询到认证通过结果后付款，不成功不收费！学历顾问：微信：176555708

一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理

eutxy

LBS毕业证原版定制【微信：176555708】【伦敦商学院毕业证成绩单-学位证】【微信：176555708】（留信学历认证永久存档查询）采用学校原版纸张、特殊工艺完全按照原版一比一制作（包括：隐形水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠，文字图案浮雕，激光镭射，紫外荧光，温感，复印防伪）行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备，十五年致力于帮助留学生解决难题，业务范围有加拿大、英国、澳洲、韩国、美国、新加坡，新西兰等学历材料，包您满意。 ◆◆◆◆◆ — — — — — — — — 【留学教育】留学归国服务中心 — — — — — -◆◆◆◆◆ 【主营项目】一.毕业证【微信：176555708】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等！二.真实使馆公证(即留学回国人员证明,不成功不收费) 三.真实教育部学历学位认证（教育部存档！教育部留服网站永久可查）四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度) 如果您处于以下几种情况： ◇在校期间，因各种原因未能顺利毕业……拿不到官方毕业证【微信：176555708】 ◇面对父母的压力，希望尽快拿到； ◇不清楚认证流程以及材料该如何准备； ◇回国时间很长，忘记办理； ◇回国马上就要找工作，办给用人单位看； ◇企事业单位必须要求办理的 ◇需要报考公务员、购买免税车、落转户口 ◇申请留学生创业基金留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分→ 【关于价格问题（保证一手价格）我们所定的价格是非常合理的，而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子我给客户的都是第一手的代理价格，因为我想坦诚对待大家不想跟大家在价格方面浪费时间对于老客户或者被老客户介绍过来的朋友，我们都会适当给一些优惠。 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才选择实体注册公司办理，更放心，更安全！我们的承诺：可来公司面谈，可签订合同，会陪同客户一起到教育部认证窗口递交认证材料，客户在教育部官方认证查询网站查询到认证通过结果后付款，不成功不收费！学历顾问：微信：176555708

Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx

Brad Spiegel Macon GA

原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样

3ipehhoa

原版纸张【微信：741003700 】【(uob毕业证书)英国伯明翰大学毕业证】【微信：741003700 】学位证，留信认证（真实可查，永久存档）offer、雅思、外壳等材料/诚信可靠,可直接看成品样本，帮您解决无法毕业带来的各种难题！外壳，原版制作，诚信可靠，可直接看成品样本。行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题，包您满意。本公司拥有海外各大学样板无数，能完美还原海外各大学 Bachelor Diploma degree, Master Degree Diploma 1:1完美还原海外各大学毕业材料上的工艺：水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700 留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才

APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024

APNIC

1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样

3ipehhoa

原版纸张【微信：741003700 】【(bath毕业证书)英国巴斯大学毕业证学位证】【微信：741003700 】学位证，留信认证（真实可查，永久存档）offer、雅思、外壳等材料/诚信可靠,可直接看成品样本，帮您解决无法毕业带来的各种难题！外壳，原版制作，诚信可靠，可直接看成品样本。行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题，包您满意。本公司拥有海外各大学样板无数，能完美还原海外各大学 Bachelor Diploma degree, Master Degree Diploma 1:1完美还原海外各大学毕业材料上的工艺：水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700 留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才

guildmasters guide to ravnica Dungeons & Dragons 5...

Rogerio Filho

test test test test testtest test testtest test testtest test testtest test ...

Arif0071

Comptia N+ Standard Networking lesson guide

GTProductions1

BASIC C++ lecture NOTE C++ lecture 3.pptx

natyesu

JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf

Javier Lasa

Recently uploaded (20)

Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines

急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样

History+of+E-commerce+Development+in+China-www.cfye-commerce.shop

一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理

This 7-second Brain Wave Ritual Attracts Money To You.!

Internet-Security-Safeguarding-Your-Digital-World (1).pptx

Latest trends in computer networking.pptx

How to Use Contact Form 7 Like a Pro.pptx

The+Prospects+of+E-Commerce+in+China.pptx

一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理

一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理

Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx

原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样

APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024

1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样

guildmasters guide to ravnica Dungeons & Dragons 5...

test test test test testtest test testtest test testtest test testtest test ...

Comptia N+ Standard Networking lesson guide

BASIC C++ lecture NOTE C++ lecture 3.pptx

JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf

Solar winds supply chain breach - Insights from the trenches

2. Meet your speaker Keatron Evans Guest speaker Infosec instructor and managing partner at KM Cyber Security

3. Agenda �What happened? �Immediate action you can take �Industry responses �Demo: Snort, memory forensics and Zeek �Live Q & A

4. What happened? ● FireEye discovered a global attack targeting customers of SolarWinds’ Orion product line. We are tracking the actors behind this campaign as UNC2452. ● The attack trojanized SolarWinds Orion business software updates in order to distribute malware called SUNBURST. ● Post exploit activity including horizontal movement has been prevalent. ● The campaign is widespread, affecting public and private organizations around the world. ● FireEye is releasing signatures to detect this threat actor and supply chain attack in the wild. These are found on our public GitHub page. FireEye products and services can help customers detect and block this attack. https://github.com/fireeye/sunburst_countermeasures Sources – FireEye www.fireeye.com, www.mcaffee.com

5. Key findings about malware so far ● Has interest in cloud services and wireless network usage of victim ● Looks for Solarwinds tools that collect registrant email addresses, time zone info, etc. ● Has Domain Generation Algorithm for sub-domain generation for comms back to C2 Sources – FireEye www.fireeye.com, https://www.mcafee.com/blogs/other-blogs/mcafee-labs/additional-analysis-into-the-sunburst-backdoor/

6. What happened?

7. Responding to the incident ● What horizontal movements are detectable ● Patterns that may not be talked about in the public domain yet ● Implementing countermeasures and IOC search criteria with Snort from scratch

8. Take action immediately ● Go to FireEye Github and get the IOC’s and countermeasures ● Implement in your environment ● Check with your preferred security vendors ● Keep up to date on new developments

9. Some industry responses FireEye ● Published IOC's for everyone to use ● Published recommend steps to recovery ● Basically provided free Incident Response Advisory Services to the world Microsoft ● Invalidated malware certificates ● Sinkholed one of the main CnC domains ● Updated Windows Defender to look for Sunburst

10. Some industry responses McAfee ● Sharing detailed reverse engineered intelligence ● Updated in real time Others in the industry ● Other associates/responders ● My personal network ● Countless MSSP’s, SIEM vendors, etc. ● Contributions are growing by the minute

11. Snort, memory forensics and Zeek demo ?

12. Questions?

13. Keep your skills sharp Want to learn Snort, Zeek, memory forensics and other pertinent skills? Subscribe to Infosec Skills using Keatron’s code “evans50” to save 50% on your first month or first year. infosecinstitute.com/skills

14. Keep in touch Keatron Evans linkedin.com/in/keatronevans kevans@kmcybersecurity.com Infosec linkedin.com/company/infosec-institute www.infosecinstitute.com

15. About us Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. www.infosecinstitute.com

Solar winds supply chain breach - Insights from the trenches

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Solar winds supply chain breach - Insights from the trenches

Similar to Solar winds supply chain breach - Insights from the trenches (20)

More from Infosec

More from Infosec (20)

Recently uploaded

Recently uploaded (20)

Solar winds supply chain breach - Insights from the trenches