Laying a Minefield for Attackers
Rob Collins
Director of Sales Engineering - APAC
Agenda
• Attack lifecycle and MITRE ATT&CK Framework
• CylancePROTECT strategies
• CylanceOPTICS strategies
• Bringing it all together to lay the minefield – live demo
• Q&A
Notes:
• This will be recorded
• The slides will be made available
• The webinar is eligible for 1 CPE credit in the (ISC)2 Program
Safe Harbor
The information in this presentation is confidential and proprietary to Cylance® and may not be disclosed without the permission of Cylance. This presentation is not subject to your license agreement or any other service or subscription agreement with Cylance. Cylance has no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein.
This document, or any related presentation and Cylance's strategy and possible future development, product, and/or platform direction and functionality are all subject to change and may be changed by Cylance at any time for any reason without notice. The information on this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. This document is for informational purposes and may not be incorporated into a contract. Cylance assumes no responsibility for errors or omissions in this document.
“Perfect is the enemy of good”
-Voltaire
Attack Lifecycle
Stages: Initial compromise, Establish foothold, Escalate privileges, Internal recon, Move laterally, Maintain persistence, Complete mission
• Spear phishing email with custom malware
• 3rd party app exploit
• Web vulnerabilities exploit
• Custom malware
• C2
• Password cracking
• Pass-the-hash
• Application exploitation
• Critical system recon
• System, Active Directory, and user enumeration
• Staging servers
• Data consolidation
• Data theft
• Backdoor variants
• VPN subversion
• Sleeper malware
• Net use commands
• Reverse shell access
Attack 101
Code
Identity
Denial of Service
Malware
Exploits
Scripts
Admin tools
CylancePROTECT
Malware: Auto Quarantine
CylancePROTECT
Exploits: Memory Protection
CylancePROTECT
Scripts: Script Control
• Block for Desktops, Alert for Servers
• Block for Servers, Alert for Desktops
CylanceOPTICS
Scripts: Script Intent
CylanceOPTICS
Identity: Obtain Credentials
CylanceOPTICS
Admin Tools
Demo
Questions
Answers