Earlier this year an as-yet-unnamed actor targeted the Colonial Pipeline Company using the DarkSide ransomware. The attack crippled the largest fuel pipeline in the United States, causing gasoline and diesel shortages in several states. While much of the media coverage has focused on the DarkSide ransomware itself, the reality is that the actors leveraged a wide array of tools and exploits to carry out one of the most devastating ransomware attacks in history. Understanding these tools is critical to understanding how to defend against this type of attack.
Prepare for an in-depth and uncut technical deep dive with Intel 471's Austin Jackson into the actors' tools and TTPs, and how organizations can hunt for and detect them in their own environments!
The webinar will provide technical insight into the following topics:
- An overview of the tools and techniques the actors used in the attack.
- A deep dive into the PowerShell-based .NET backdoor SMOKEDHAM that let the actors establish their foothold.
- A walk-through of how the actors escalated privileges in the environment using LSASS process memory dumps.
- How the actors exploited CVE-2020-1472 and CVE-2021-20016.
- How the actors leveraged Rclone to conduct data exfiltration.
- Along with practical hunting and detection strategies!