8 hours 39 minutes
Hello and congratulations on the successful completion of another module in our discussions on the application of the minor attack framework, today's summary is with respect to defensive Asian and everything that we have looked at within it. So,
as usual, what should we know now? What have we gone over? Well, we're going to really summarize everything into one slide today because there has been a common theme in all of these areas.
We looked at what they should be or what they are based on what Minor has. So clearing command history, getting rid of information,
compiling after delivery, putting it together once it gets to a nen user system, the same wing security tools, hidden files and directories, hidden users process hollow and software packing all of these things designed to keep a threat actor hidden and to keep them out of your purview.
Now, mitigation factors here ranged from hubristic and signature based antivirus and malware detection all the way through to end user. When his training AP, I detection any number of things within these areas really
again, our focus being least privilege for end users
and good awareness training. If those two things are the core you can build from there and really have a program in place that's going to reduce the impact incapability of a threat actor on your network and reduce that the well time from hopefully
50 days, six months, 300 days. Whatever the case may be
down Teoh, maybe minutes, maybe seconds. Whatever the case may be there, depending on your capabilities and what you're doing
again. Ah, lot of these techniques are difficult to spot process. Halloween and software packing are going to be a little bit more difficult to spot than hidden users and hidden files and directories. We can usually spot security tools that have been disabled. If we're paying attention to systems,
compile after delivery may be difficult to detect, as well as
clearing the command history in certain instances. But
if we do seeing that threat, actors are disabling those things or they're getting rid of our command history. We may at least have a point in time that we can work back to, with respect to finding them and figuring out what is going on. So with that in mind, I want to thank you for your time today, and I look forward to seeing you again soon