You’ve found Cobalt Strike on your network. Is it Being Weaponized?
How to understand attack stages, methods to analyze and IOCs before Cobalt Strike becomes a ransomware infection
Cobalt Strike, the popular penetration tool, has been abused by threat actors for years, with thousands of abuse instances being recorded. Existing abuse can range from ransomware deployment to surveillance to data exfiltration, and its presence can be the only noticeable precursor to a ransomware infection.
During this session, Patrick Knight, Sr. Threat Researcher & Architect at ReversingLabs, will discuss how penetration tools like Cobalt Strike, PsExec and Mimikatz variants are abused by cybercriminals and are common tools for APT groups. Patrick will use Cobalt Strike as an example to cover the different stages of a ransomware infection, why response plans need to map to a particular stage of an attack, the common tools involved at each stage of the attack, and the hunting methods required to analyze artifacts in order to avoid becoming a victim.