Module 6 Summary


Time
8 hours 28 minutes
Difficulty
Beginner
CEU/CPE
10
Video Transcription
00:00
Hello and congratulations on the successful completion of another module in our discussions on the application of the MITRE ATT&CK framework. Today's summary is with respect to Defense Evasion and everything that we have looked at within it. So,
00:20
as usual, what should we know now? What have we gone over? Well, we're going to really summarize everything into one slide today because there has been a common theme in all of these areas.
00:34
We looked at what they should be or what they are based on what MITRE has. So clearing command history, getting rid of information,
00:41
compile after delivery, putting it together once it gets to an end user system, disabling security tools, hidden files and directories, hidden users, process hollowing and software packing. All of these things are designed to keep a threat actor hidden and to keep them out of your purview.
01:00
Now, mitigation factors here ranged from heuristic and signature-based antivirus and malware detection all the way through to end user awareness training, API detection, any number of things within these areas. Really,
01:18
again, our focus being least privilege for end users
01:23
and good awareness training. If those two things are the core, you can build from there and really have a program in place that's going to reduce the impact and capability of a threat actor on your network and reduce that dwell time from, hopefully,
01:40
50 days, six months, 300 days, whatever the case may be,
01:45
down to maybe minutes, maybe seconds, whatever the case may be there, depending on your capabilities and what you're doing.
01:53
Again, a lot of these techniques are difficult to spot. Process hollowing and software packing are going to be a little bit more difficult to spot than hidden users and hidden files and directories. We can usually spot security tools that have been disabled if we're paying attention to systems.
02:09
compile after delivery may be difficult to detect, as well as
02:14
clearing the command history in certain instances. But
02:17
if we do see that threat actors are disabling those things or they're getting rid of our command history, we may at least have a point in time that we can work back to, with respect to finding them and figuring out what is going on. So with that in mind, I want to thank you for your time today, and I look forward to seeing you again soon.