S2E03: Behind the ATM Heist & Other Red Team Stories
about 1 month ago.
Updated about 1 month ago.
On this episode, we got right into a bunch of new in-the-wild activity! We discussed FIN6's shift to deploying enterprise ransomware, including their recent LOCKERGOGA campaigns. The recent DAYJOB/ShadowHammer supply chain compromises prompted some discussion around this trend and several hunting techniques. We covered our newly-released blog on the techniques that the attackers used to deliver the TRITON malware framework and how to hunt for them - as well as some background on our on-going response to that group at another critical infrastructure client. We wanted to learn more about attacker creativity and their mindset by inviting a real-life adversary onto our show: Alyssa Rahman (@ramen0x3f) from our Red Team. She walks us through a comprehensive red team case study at a financial client that include compromising multi-factor systems, KeePass, and eventually ATMs. She chats about why our red team prefers phone-based social engineering as well as our Mandiant Red Team's release of CommandoVM and ADFSDump/ADFSpoof.