OSSEC Conferences

Detecting Lateral Movement Natively in Windows [feat. SolarWinds, Sunburst]

Wednesday, March 17th @ 12:30pm to 1:30pm Eastern

Join us for a webinar from Casey Preister of Atomicorp as he discusses Detecting Lateral Movement Natively in Windows, featuring SolarWinds and Sunburst.

The widely reported December 2020 hack of the SolarWinds Orion network performance monitoring system employed a sophisticated series of takeover steps that included backdoors, expired domains, the use of Orion itself as a vector, compromised credentials, and malware implants, all to steal data and compromise systems.

The attack, referred to as Sunburst, Sunburst Backdoor, and Dark Halo, may have begun with undetectable malicious code, but subsequent stages were anything but undetectable. In the lab, I reconstructed Sunburst and monitored it with OSSEC. I uncovered multiple warning signs that looked like all-too-common ‘blip’ occurrences, but they were not. These so-called “false negatives” were actually the start of something malicious…


Get Access to Full Length OSSEC Videos from Conferences and Webinars

 

We are recording our virtual conferences and webinars and making them available for free! Just fill out the form and you’ll instantly get access to a growing list of OSSEC sessions. You’ll get 9+ hours (and growing with each conference) of insights on many OSSEC and cybersecurity topics.