Squashing SCATTERED SPIDER's Attacks in the Cloud | Threat SnapShot

As more and more organizations move to the cloud, threat actors are quickly following suit. This migration leads traditional defenders to ask questions like, "How do I defend assets in the cloud?" In this week's Threat SnapShot, we'll look at two recent attacks from SCATTERED SPIDER: one where they used tools such as LinPEAS to extract credentials from the EC2 Instance Metadata Service in order to escalate privileges and move laterally, and another where they backdoored machines running in Azure using the Special Administration Console (SAC). We'll look at what these threats look like in SnapAttack and discuss detection and hunting strategies so you can squash SCATTERED SPIDER's activity in your organization's clouds.

References:
https://www.crowdstrike.com/blog/anal...
https://github.com/DataDog/stratus-re...
https://www.mandiant.com/resources/bl...

SnapAttack Content:
https://app.snapattack.com/threat/598... - Threat: Stratus - Steal EC2 Instance Credentials
https://app.snapattack.com/detection/... - Detection: Script Executed on EC2 Instance
https://app.snapattack.com/detection/... - Detection: AWS STS AssumeRole Misuse
https://app.snapattack.com/detection/... - Detection: aws detect sts assume role abuse
https://app.snapattack.com/threat/728... - Threat: Command Execution via Special Administration Console (SAC)
https://app.snapattack.com/detection/... - Detection: Terminal Spawned via Special Administration Console