My key takeaways
- Webshells are often not recognized by AV solutions
- suggested mitigations:
- Latest OS and Patches
- Reduce plugin usage
- WAP
- Vuln Scan
- File Integrity Monitoring
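An added example, not from the talk or from CrowdStrike, tying the file integrity monitoring mitigation to the hash-and-look-up note below: it baselines a web root with SHA-256 and reports files that appeared or changed since, which is how a dropped webshell that AV missed tends to surface. The web root, file names and contents are constructed for the demo, and Python's hashlib stands in for the `filehash` tool mentioned in the notes.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large uploads are never read whole into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(webroot: Path) -> dict[str, str]:
    """Map every file under the web root (POSIX-style relative path) to its SHA-256."""
    return {
        p.relative_to(webroot).as_posix(): sha256_file(p)
        for p in sorted(webroot.rglob("*"))
        if p.is_file()
    }


def diff_baseline(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Report files that appeared, disappeared or changed since the baseline was taken."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys() if baseline[k] != current[k]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario (not real data): baseline a tiny web root, then simulate drift."""
    with tempfile.TemporaryDirectory() as tmp:
        webroot = Path(tmp)
        (webroot / "index.html").write_text("<h1>site</h1>")
        (webroot / "css").mkdir()
        (webroot / "css" / "main.css").write_text("body {}")
        baseline = build_baseline(webroot)
        # Drift: a stylesheet is edited and an unexpected script-type file shows up in an
        # upload directory; the hashes of "added" files are what you would look up on VirusTotal.
        (webroot / "css" / "main.css").write_text("body { color: red }")
        (webroot / "uploads").mkdir()
        (webroot / "uploads" / "unexpected.aspx").write_text("placeholder content")
        return diff_baseline(baseline, build_baseline(webroot))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline is written out (for example as JSON) right after deployment and compared on a schedule, with the baseline stored somewhere the web server's own account cannot modify.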
- Juicy Potato is a binary for local privilege escalation (LPE)
- Mysterious file? Hash it with filehash and look up the SHA-256 hash at VirusTotal
- lsass.exe <- credential management on Windows
- Falcon Complete is a managed EDR solution
- living happily in the cloud
- An internal blue team might see only a few different attacks over time
- The SOC at CrowdStrike sees a lot of different attacks
- More experience probably means faster reaction
Env
- Provided by CrowdStrike
Presenter / Speakers
- Alex Sayavedra
- Alice Allsop
- Elliott Reynolds