State of the Hack

State of the Hack is hosted by FireEye's Christopher Glyer (@cglyer) and Nick Carr (@itsreallynick), that discusses the latest in information security, digital forensics, incident response, cyber espionage, APT attack trends, and tales from the front lines of significant targeted intrusions.

RSS 0 0
0:00
Loading

S2E13: Rudolph the Redsourced Reindeer

Updated 11 months ago.

Ho ho homepage! Christopher Glyer and Nick Carr are back for the last episode of 2019. They’re closing the year with a look at this month’s front-line espionage activity and a whole bunch of FIN intrusions! In addition to the threat round-up, they highlight some of our Mandiant consultants doing that work and a few DFIR tricks they included in a recent blog: https://www.fireeye.com/blog/threat-research/2019/12/tips-and-tricks-to-analyze-data-with-microsoft-excel.html. As a special bonus, Santa dropped off a slide clicker for the show so Nick and Christopher decide to go deep on their recent presentation at #CYBERWARCON on “red sourcing.” An episode sure to make them friends on infosec twitter for sure! The presentation was a 10 minute #threatintel lightning talk, but embracing the Christmas spirit, the gang tries to navigate a sensitive area of current debate by spending more time on red sourcing & providing some evidence and observations on APT groups moving to publicly released post-compromise tooling; some potential motivations; and then question whether any tool can ever be fully controlled (e.g. Delpy/MIMIKATZ evil maid scenario, recent Turla coopting APT34 access & tools). Because RULER.HOMEPAGE was touched on in the talk, they expand a bit further on this and highlight the recent blog that Nick co-authored on how attackers (like UNC1194) can conduct intrusions from just a single registry key. They also question whether the technique’s usage via Outlook installed Office 365’s Click-to-Run is technically CVE-2017-11774 or not. I guess we need another episode with MSRC! They end the year with some spicy predictions for 2020. You’ll see. Thanks for watching and listening this year!

This episode was sponsored by bad decisions and office holiday parties - and especially both.

Download

Comments