S2E03: Behind the ATM Heist & Other Red Team Stories

State of the Hack

English - April 16, 2019 17:21 - 45 minutes - 31 MB - ★★★★★ - 28 ratings
On this episode, we got right into a bunch of new in-the-wild
activity! We discussed FIN6's shift to deploying enterprise
ransomware, including their recent LOCKERGOGA campaigns. The recent
DAYJOB/ShadowHammer supply chain compromises prompted some discussion
around this trend and several hunting techniques. We covered our
newly released blog on the techniques that the attackers used to
deliver the TRITON malware framework and how to hunt for them, as
well as some background on our ongoing response to that group at
another critical infrastructure client. We wanted to learn more about
attacker creativity and their mindset by inviting a real-life
adversary onto our show: Alyssa Rahman (@ramen0x3f) from our Red Team.
She walks us through a comprehensive red team case study at a
financial client that includes compromising multi-factor systems,
KeePass, and eventually ATMs. She chats about why our red team prefers
phone-based social engineering, as well as our Mandiant Red Team's
release of CommandoVM and ADFSDump/ADFSpoof.