March 30

Webinar takeaway – Web Shell Intrusion Live Attack & Defend Demo


My key takeaways

  • Webshells are often not recognized by AV solutions
    • suggested mitigations:
      • Latest OS and Patches
      • Reduce plugin usage
      • WAP
      • Vuln Scan
      • File Integrity Monitoring
  • Juicy Potato LPE is a binary for local privilege escalation
  • Mysterious file? Hash it with filehash and look up the SHA-256 hash at VirusTotal
  • lsass.exe handles credential management on Windows
  • Falcon Complete is a managed EDR solution
    • living happily in the cloud
  • An internal blue team might see only a few different attacks over time
    • the SOC at CrowdStrike sees a lot of different attacks
      • more experience probably means faster reaction
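
The File Integrity Monitoring mitigation and the SHA-256 lookup tip from the list above, combined in an added example (not from the webinar or the original post): it baselines a web root, reports files that appeared or changed since the baseline, and returns their SHA-256 digests for lookup. The function names, file names and file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def compare(baseline, current):
    """Return files added, modified or removed since the baseline."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo():
    """Constructed web root: baseline it, change it, report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        webroot = Path(tmp)
        (webroot / "index.php").write_bytes(b"<?php echo 'home';")
        (webroot / "about.php").write_bytes(b"<?php echo 'about';")
        baseline = snapshot(webroot)
        # Constructed changes: one new file and one edited file.
        (webroot / "upload.php").write_bytes(b"placeholder, unexpected file")
        (webroot / "about.php").write_bytes(b"<?php echo 'edited';")
        current = snapshot(webroot)
        report = compare(baseline, current)
        # Digests of new or changed files are the values to look up.
        changed = report["added"] + report["modified"]
        return report, {p: current[p] for p in changed}


if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be stored somewhere the web server account cannot write to, so a change to the web root cannot also rewrite the reference hashes.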

Env


Tags

demo, product presentation, vendor

