Time
8 hours 28 minutes
Difficulty
Beginner
CEU/CPE
10

Video Transcription

00:00
Hello and welcome to another Application of the MITRE ATT&CK Framework discussion. Today we're going to be looking at account access removal. So with that, let's jump straight in to our objectives.
00:13
So today's objectives are as follows. We're going to describe account access removal, what are some mitigation techniques, and some detection techniques as well. So per MITRE, account access removal is when the threat actor interrupts availability of a system or network by inhibiting access to accounts
00:32
utilised by legitimate users.
00:35
This could be that the account is deleted, locked, or that credentials are changed or manipulated. So this could be like if you've got a weak password on an account and it is compromised and then multi-factor is put in place, but it's not your multi-factor. You are effectively locked out of that account until you can get in touch with someone who can help you to resolve the issue.
00:56
A particular tool in this would be LockerGoga, and so this tool is a ransomware tool that has been tied to various attacks in European companies, or on European companies. It has the ability to change account passwords and log users off, disable AV with taskkill commands,
01:15
delete its original launcher after execution, and can shut down infected systems.
01:19
Definitely sounds like something that would be nasty to have. Mitigation techniques here are going to be really based around end user awareness training to reduce the potential of infection. Detection techniques are going to surround looking at event IDs as follows: 4720 or 4723,
01:38
which is an attempt made to change account passwords;
01:41
4724, an attempt made to reset an account's password; 4726, an account was deleted; 4740, a user account was locked out,
01:51
and so if you're going to monitor for anything that is account related, these are definitely some key areas to focus on, so that you could potentially see when a threat actor is maybe doing some things that could lead eventually to account lockout or deletion,
02:02
and you could at least track it back to origination and hopefully deal with the issue. So with that, let's do a quick check on learning. True or false: account access removal is when a threat actor attempts to keep the intended user of a system from getting back into the system.
02:22
All right, so if you need additional time, please pause the video. So in this case, account access removal is when a threat actor attempts to keep the intended user of a system from getting back into a system. So this is a true statement. Now, in summary of today's discussion,
02:40
we described account access removal. Again, this is account manipulation: changes, modifications that keep the intended user out.
02:47
Mitigation techniques are going to be revolving around end user awareness training to hopefully prevent threat actors from getting into systems to begin with. And then detection techniques include a number of event IDs that we use to describe attempts to delete, modify, or otherwise get into legitimate user accounts.
03:07
So with that in mind, I want to thank you for your time today,
03:10
and I look forward to seeing you again soon.

Up Next

Application of the MITRE ATT&CK Framework

This MITRE ATT&CK training is designed to teach students how to apply the matrix to help mitigate current threats. Students will move through the 12 core areas of the framework to develop a thorough understanding of various access ATT&CK vectors.

Instructed By

Robert Smith
Director of Security Services at Corsica
Instructor