8 hours 39 minutes
hello and welcome to another application of the minor attack framework discussion today. We're looking at data compressed data compression as a means for moving information outside of the organization. Ex filtration. So
the objectives of today's discussion are to look at the term data compressed within the context of the matter attack framework,
some mitigation techniques and some detection techniques as well. So let's go ahead and jump right in. So data compressed in minor is when a threat actor will compress data that is collected prior to ex filtration To minimize the amount of data sent over the network,
it could be done with custom programs or common compression vintage such a seven zip rar, zip and Z lib.
All of these you should likely or would likely be aware of in just kind of general use cases. Now, mitigation techniques is what we're jumping right into. From that standpoint,
we can use that work intrusion prevention, the block specific file types. We can also block those file types, maybe through other means, such as our firewall or our mail gateway,
and keep them from leaving the network over unencrypted channels. Now a threat actor may use attempts other attempts to bypass that, such as encrypting the channel in which they are sending traffic out unless your devices can decrypt traffic and they have that capability, which is generally painful to set up. But it could be something that you're doing.
It may not see those final types being sent out of the network.
Detection techniques here are again going back to monitoring from command line arguments and other activities dealing with compression utilities. There is a normal use case for these and day to day business activity, but it never hurts to have some mechanism set up to especially evaluate that from a command line standpoint. Because general users
day to day users aren't going to be doing that. The command line, they're going to be doing it through
the utility itself. Now with that, let's do a quick check on learning true or false data. Compression is when the Threat actor encrypts information to make the payload smaller.
All right, well, if you need additional time, please pause this video so data compression is not. When a threat actor encrypt information to make the payload smaller. It's when they compress the information to make the information smaller to make the data set smaller so that they can more easily send it outside of the network.
So this is a false statement as it is written.
So with that in mind, let's jump into our Some referred today's discussion. We described and looked at data compressed as it is written in the minor attack framework. We looked at mitigation techniques and we talked detection techniques. Aziz, Well, again, some of these activities a little bit harder to find and note
eso really taking
some controls above and beyond our standard things like antivirus network intrusion, prevention to kind of combat, some of the sneaky ways that threat actress will attempt to remove information from our environment. So with that in mind, I want to thank you for your time today, and I look forward to seeing you again soon.