Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear

•

1 like•299 views

Learn how Symantec Endpoint Protection & Response (EDR) and the MITRE ATT&CK framework can expose and thwart persistent adversaries like APT28 otherwise known as Fancy Bear. Watch Webinar here: https://symc.ly/2WyPD8I

Technology

Using Advanced Detection and
MITRE ATT&CK™ to Cage Fancy
Bear
Adam Glick
Effectiveness Team Lead
Symantec

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only
Detect Advanced Attacks in progress
by observing suspicious behavior patterns
3

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only
• Microsoft Office attempted to launch C#
compiler
• Script attempted injection into a system
process
• Suspicious process attempted to lower
security warnings
• Credential theft: untrusted process attempted
to load crytography DLLs and to access lsass
memory
• Suspicious PowerShell command: script piped
to powershell.exe
• Untrusted process attempted to write memory
in a Microsoft process
• Script attempted to launch psexec to run a
remote process in the System account
• Attempted write of file masquerading as
operating system file
• Process launch attempted from recycle bin
• Regsvr32 launch attempted with evasive
command line
• Service used to attempt new user creation
• Suspected UAC bypass via registry attempted
• Suspected credential theft attempted by
accessing the registry's Security Accounts
Manager area
• Untrusted process attempted to get Domain
Controller information
• Suspicious attempt to enumerate network
shares
4
For example
And tons more

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only
Source: attack.mitre.org 6

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only
Combined they tell a clear story about
what’s happening and why
7

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only 9
Spear phishing
email
Excel doc
with macro
One time
loader exe
Hidden
DLL
Batch
file
Registry load
point
Living off the land
information gathering,
credential theft,
covering tracks

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only
Incident and event information that is simple enough
to be rapidly understood,
with enough detail to be quickly determined to be
credible, important, and actionable.
11

Questions ?
Adam Glick
Effectiveness Team Lead
Symantec

Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only
THANK YOU !
13

The Phishing Intelligence Engine (PIE) is a framework that will assist with the detection and response to phishing attacks. An Active Defense framework built around Office 365, that continuously evaluates Message Trace logs for malicious contents, and dynamically responds as threats are identified or emails are reported. This talk covers the framework and then dives into some stories from the field.

Phishing Intelligence Engine - BlueHat v17

Greg Foss

Activated Charcoal - Making Sense of Endpoint Data

Greg Foss

Recorded Webcast: https://logrhythm.com/resources/webcasts/activated-charcoal-making-sense-of-endpoint-data/ Security operations is all about understanding and acting upon of large amounts of data. When you can pull data from multiple sources, condense it down and correlate across systems, you can highlight trends, find flaws and resolve issues. This Presentation was given at Black Hat 2016 and, recently, an SC Magazine Webcast, covering the importance of monitoring endpoints and how to leverage endpoint data to detect, respond and neutralize advanced threats.

How to Test for The OWASP Top Ten

Security Innovation

The OWASP Top Ten is an expert consensus of the most critical web application security threats. If properly understood, it is an invaluable framework to prioritize efforts and address flaws that expose your organization to attack. This webcast series presents the OWASP Top 10 in an abridged format, interpreting the threats for you and providing actionable offensive and defensive best practices. It is ideal for all IT/development stakeholders that want to take a risk-based approach to Web application security. How to Test for the OWASP Top Ten webcast focuses on tell tale markers of the OWASP Top Ten and techniques to hunt them down: • Vulnerability anatomy – how they present themselves • Analysis of vulnerability root cause and protection schemas • Test procedures to validate susceptibility (or not) for each threat

Locking Down Your Cloud

Teri Radichel

BlueHat v18 || software supply chain attacks in 2018 - predictions vs reality

BlueHat Security Conference

CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui

NCCOMMS

BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...

BlueHat Security Conference

Jagadeesh Parameswaran, Microsoft Rahul Sachan, Microsoft Windows Defender Advanced Threat Protection (WDATP) gives defenders unparalleled visibility into the enterprise. And Azure Advanced Threat Protection (AATP) gives the power to monitor attacks on the Domain Controllers and user identities. Come spend an hour with us as we pull back the covers and go through detailed examples of real attacks that we saw as we defended the Microsoft corporate environment using WDATP & AATP.

Brian Gorenc, Trend Micro Much like their six-legged counterparts in nature, bugs in software have a lifecycle. They are discovered, they get exploited, they get reported, they get patched, and usually, they go away. At each stage of this lifecycle, information about the vulnerability equates to a monetary value, and, depending on how this information is disseminated, that monetary value can drastically change. Various marketplaces exist for security research, and the current gray and black markets can be as robust as their white market counterparts. Different agents within these markets influence research trends by shifting finances to or away from specific areas, resulting in more bugs discovered and reported in that area. Even if you don’t directly participate in this economy, it impacts you and the systems you defend. Bugs bought and sold in the marketplace often become security patches and sometimes get wrapped into exploit kits or malware. Administering the world’s largest vendor agnostic bug bounty program puts us in a unique position to examine the inner workings of these transactions. While firmly in the white market, our experience and relationships provide us with insight across the entire exploit landscape. Some of these factors might not be obvious to those outside of the marketplace until exposed through data leaks or compromise. These hidden factors can shift prices and send researchers – and thus exploits – in new directions. Like any open market, various factors can spur changes in supply and demand, and market actors can shape what types of research either becomes public – or finds its way into an exploit kit. This presentation covers the inner-workings of the exploit marketplace, the main players in various sectors, and the winding, often controversial lifespan of a security bug. We include real-world examples of how effectively run programs have disrupted nation-state exploit usage in the wild, and take a look at how existing and impending legislation could irrevocably affect the exploit marketplace – and maybe not for the better.

Content Disarm Reconstruction and Cyber Kill Chain - Muhammad Sahputra

idsecconf

Managed Threat Detection and Response

Alert Logic

Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...

Security Innovation

This talk will help you, as a decision maker or architect, to understand the risks of migrating a thick client or traditional web application to the modern web. In this talk I’ll give you tools and techniques to make the migration to the modern web painless and secure so you can mitigate common pitfalls without having to make the mistakes first. I’ll be doing demos, and telling lots of stories throughout. Making some good architectural decisions up front can help you: - Minimize the risk of data breach - Protect your user’s privacy - Make security choices easy the easy default for your developers - Understand the cloud security model - Create defaults, policies, wrappers, and guidance for developers - Detect when developers have bypassed security controls

Nagios Conference 2012 - Jared Bird - Providing Value Throughout the Organiza...

Nagios

Security Implications of the Cloud

Alert Logic

Extending Amazon GuardDuty with Cloud Insight Essentials

Alert Logic

Deception & AWS: Adding Fog to EC2 & S3

Cymmetria

The Threat Is Real. Protect Yourself.

Teri Radichel

Extending Amazon GuardDuty with Cloud Insight Essentials

Alert Logic

The Intersection of Security & DevOps

Alert Logic

TA505: A Study of High End Big Game Hunting in 2020

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour October 2020 By Brandon Levene, Head of Applied Intelligence Google, @seraphimdomain Opportunistically targeted ransomware deployments, aka Big Game Hunting (BGH), have caused a distinct disruption in the mechanics of monetizing crimeware compromises. This strategy has become the “end game” for the majority of organized cybercrime organizations, and one effect of this shift is the increased emphasis on enterprise-level targets. In this talk from the MITRE ATT&CKCon Power Hour session on October 9, 2020, Levene walks us through research about how a specific BGH threat actor pursues entry points, gains its foothold, pivots, and deploys payloads to maximize their financial gains with minimal effort - and infrastructure! You’ll walk away with an understanding of the latest BGH TTPs seen in enterprise environments, and how they map to the ATT&CK framework so you can build this research into your threat detection strategy and enhance your defenses.

BlueHat v18 || The hitchhiker's guide to north korea's malware galaxy

BlueHat Security Conference

Christiaan F Beek, McAfee Jay Rosenberg, Intezer Labs The Lazarus, Silent Chollima, Group 123, Hidden Cobra, DarkSeoul, Blockbuster, Operation Troy, 10 Days of Rain attacks are all believed to originate from North Korea. But how can they be attributed with certainty? And what connection does a DDoS and disk wiping attack from July 4 2009, have with WannaCry, one of the largest cyber-attacks in the history of the cyber-sphere? We have conducted a comparative research over more than 10 years of malware and tools being used by North Korean adversaries. The results were intriguing and we will share our discoveries but also hunt tactics during our talk. We discovered new links between campaigns and were able to group malware families towards actor groups and discovere interesting patterns.

Protecting Against Web Attacks

Alert Logic

Lacework | Top 10 Cloud Security Threats

Lacework

Defcon 27 - Phishing in the Cloud Era

Netskope

Solnet dev secops meetup

pbink

AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...

Lacework

Join the Lacework team for AWS Security Week at the AWS Loft in New York for a hands-on demonstration of Lacework. See how behavioral analysis can be applied at scale for continuous security and compliance monitoring of your AWS infrastructure. Chris Pedigo, Senior SE at Lacework, will walk attendees through Lacework with a specific focus on how we automatically analyze AWS CloudTrail and AWS Config data to ensure that security best practices are in place and that data anomalies are detected to help prevent ransomware, Bitcoin mining, or container security issues. The session will be interactive; attendees should come prepared for hands-on work on AWS accounts and console and have a Linux shell available in order to get the most from the workshop. Attendees will have access to the Lacework team to get individual attention for trial account set-up after the session.

Open Source Malware Lab

ThreatConnect

The landscape of open source malware analysis tools improves every day. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This talk is an examination of the major open source tools that satisfy the analysis requirements for each of these entry points. Each tool’s output can potentially feed into another tool for further analysis. The linking of one tool to the next in a tool chain allows one to build a comprehensive automated malware analysis lab using open source software. For file analysis, the three major versions of Cuckoo Sandbox will be examined. To analyze a potentially malicious URL, the low-interaction honeyclient, Thug, will be covered. Next, if one has a network capture (PCAP) to analyze, the Bro Network Security Monitor is a great option, and will be covered. Finally, if the analysis target is a memory image, the Volatility Framework will be examined. Each of the inputs and outputs of the tools will be reviewed to expose ways that they can be chained together for the purpose of automation.

The Intersection of Security & DevOps

Alert Logic

Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats

SBWebinars

Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...

Chris Gates

What's hot

BlueHat v18 || Modern day entomology - examining the inner workings of the bu...

BlueHat Security Conference

Content Disarm Reconstruction and Cyber Kill Chain - Muhammad Sahputra

idsecconf

Managed Threat Detection and Response

Alert Logic

Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...

Security Innovation

Nagios Conference 2012 - Jared Bird - Providing Value Throughout the Organiza...

Nagios

Security Implications of the Cloud

Alert Logic

Extending Amazon GuardDuty with Cloud Insight Essentials

Alert Logic

Deception & AWS: Adding Fog to EC2 & S3

Cymmetria

The Threat Is Real. Protect Yourself.

Teri Radichel

Extending Amazon GuardDuty with Cloud Insight Essentials

Alert Logic

The Intersection of Security & DevOps

Alert Logic

TA505: A Study of High End Big Game Hunting in 2020

MITRE - ATT&CKcon

BlueHat v18 || The hitchhiker's guide to north korea's malware galaxy

BlueHat Security Conference

Protecting Against Web Attacks

Alert Logic

Lacework | Top 10 Cloud Security Threats

Lacework

Defcon 27 - Phishing in the Cloud Era

Netskope

Solnet dev secops meetup

pbink

AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...

Lacework

Open Source Malware Lab

ThreatConnect

The Intersection of Security & DevOps

Alert Logic

What's hot (20)

BlueHat v18 || Modern day entomology - examining the inner workings of the bu...

Content Disarm Reconstruction and Cyber Kill Chain - Muhammad Sahputra

Managed Threat Detection and Response

Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...

Nagios Conference 2012 - Jared Bird - Providing Value Throughout the Organiza...

Security Implications of the Cloud

Extending Amazon GuardDuty with Cloud Insight Essentials

Deception & AWS: Adding Fog to EC2 & S3

The Threat Is Real. Protect Yourself.

Extending Amazon GuardDuty with Cloud Insight Essentials

The Intersection of Security & DevOps

TA505: A Study of High End Big Game Hunting in 2020

BlueHat v18 || The hitchhiker's guide to north korea's malware galaxy

Protecting Against Web Attacks

Lacework | Top 10 Cloud Security Threats

Defcon 27 - Phishing in the Cloud Era

Solnet dev secops meetup

AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...

Open Source Malware Lab

The Intersection of Security & DevOps

Similar to Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear

Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats

SBWebinars

Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...

Chris Gates

Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...

IBM Security

View the on-demand recording: http://securityintelligence.com/events/avoiding-application-attacks/ Your organization is running fast to build your business. You are developing new applications faster than ever and utilizing new cloud-based development platforms. Your customers and employees expect applications that are powerful, highly usable, and secure. Yet this need for speed coupled with new development techniques is increasing the likelihood of security issues. How can you meet the needs of speed to market with security? Hear Paul Ionescu, IBM Security, Ethical Hacking Team Lead discuss: - How application attacks work - Open Web Application Security Project (OWASP) goals - How to build defenses into your applications - The 10 most common web application attacks, including demos of the infamous Shellshock and Heartbleed vulnerabilities - How to test for and prevent these types of threats

Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...

Adam Pennington

Symantec Webinar: What Cyber Threats Are Lurking in Your Network?

Symantec

ISACA GTACS 2018 - Red Teaming for Enterprise

Saeid Atabaki

Keynote: Which way is the SolarWind Blowing? Techniques are changing…are you ...

JamieWilliams130

001 - Get acquainted with the AWS platform -- hide01.ir.pptx

nitinscribd

Indianapolis Splunk User Group Dec 22

WesComer2

hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2

Chris Gates

DIY-CyberArk-Blueprint-Roadmap-Template.pptx

BirLama2

Anatomy of a Cloud Hack

NotSoSecure Global Services

Try {stuff} Catch {hopefully not} - Evading Detection & Covering Tracks

Yossi Sassi

How to write secure code

Flaskdata.io

Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)

Shah Sheikh

Security at Greenhouse

Michael O'Neil

For Business's Sake, Let's focus on AppSec

Lalit Kale

(SACON) Nilanjan, Jitendra chauhan & Abhisek Datta - How does an attacker kno...

Priyanka Aash

Controlling Access to IBM i Systems and Data

Precisely

Security best practice and regulations such as SOX, HIPAA, GDPR and others require you to restrict access to your critical IBM i systems and their data, but this is easier said than done. Legacy, proprietary access protocols now co-exist with new, open-source protocols to create access control headaches. View this webcast on-demand for an in-depth discussion of IBM i access points that must be secured and how exit points can be leveraged to accomplish the task. We’ll cover: • Securing network access and communication ports • How database access via open-source protocols can be secured • Taking control of command execution

SEC599 - Breaking The Kill Chain

Erik Van Buggenhout

Similar to Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear (20)

Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats

Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...

Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...

Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...

Symantec Webinar: What Cyber Threats Are Lurking in Your Network?

ISACA GTACS 2018 - Red Teaming for Enterprise

Keynote: Which way is the SolarWind Blowing? Techniques are changing…are you ...

001 - Get acquainted with the AWS platform -- hide01.ir.pptx

Indianapolis Splunk User Group Dec 22

hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2

DIY-CyberArk-Blueprint-Roadmap-Template.pptx

Anatomy of a Cloud Hack

Try {stuff} Catch {hopefully not} - Evading Detection & Covering Tracks

How to write secure code

Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)

Security at Greenhouse

For Business's Sake, Let's focus on AppSec

(SACON) Nilanjan, Jitendra chauhan & Abhisek Datta - How does an attacker kno...

Controlling Access to IBM i Systems and Data

SEC599 - Breaking The Kill Chain

Recently uploaded

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

Recently uploaded (20)

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

How world-class product teams are winning in the AI era by CEO and Founder, P...

FIDO Alliance Osaka Seminar: Overview.pdf

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

GraphRAG is All You need? LLM & Knowledge Graph

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

Epistemic Interaction - tuning interfaces to provide information for AI support

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

UiPath Test Automation using UiPath Test Suite series, part 3

Securing your Kubernetes cluster_ a step-by-step guide to success !

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Elevating Tactical DDD Patterns Through Object Calisthenics

Leading Change strategies and insights for effective change management pdf 1.pdf

Accelerate your Kubernetes clusters with Varnish Caching

Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear

1. Using Advanced Detection and MITRE ATT&CK™ to Cage Fancy Bear Adam Glick Effectiveness Team Lead Symantec

2. Detection of Advanced Attack Techniques

4. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only • Microsoft Office attempted to launch C# compiler • Script attempted injection into a system process • Suspicious process attempted to lower security warnings • Credential theft: untrusted process attempted to load crytography DLLs and to access lsass memory • Suspicious PowerShell command: script piped to powershell.exe • Untrusted process attempted to write memory in a Microsoft process • Script attempted to launch psexec to run a remote process in the System account • Attempted write of file masquerading as operating system file • Process launch attempted from recycle bin • Regsvr32 launch attempted with evasive command line • Service used to attempt new user creation • Suspected UAC bypass via registry attempted • Suspected credential theft attempted by accessing the registry's Security Accounts Manager area • Untrusted process attempted to get Domain Controller information • Suspicious attempt to enumerate network shares 4 For example And tons more

5. Mitre ATT&CK

8. Advanced Attack APT28 aka Fancy Bear

9. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only 9 Spear phishing email Excel doc with macro One time loader exe Hidden DLL Batch file Registry load point Living off the land information gathering, credential theft, covering tracks

10. Slides are boring Show me instead

11. Copyright © 2018 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Incident and event information that is simple enough to be rapidly understood, with enough detail to be quickly determined to be credible, important, and actionable. 11

12. Questions ? Adam Glick Effectiveness Team Lead Symantec

Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear

Similar to Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear (20)

More from Symantec

More from Symantec (20)

Recently uploaded

Recently uploaded (20)

Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear