Time
8 hours 28 minutes
Difficulty
Beginner
CEU/CPE
10

Video Transcription

00:00
hello and welcome to another application of the minor attack framework discussion today. We're going to be looking at defacement now. The objective really of the discussion is just to give you a high level understanding of what effacement is with respect to network infrastructure and technology,
00:17
some mitigation techniques and detection techniques as well.
00:21
So defacement per the minor attack framework comes in two flavors, internal or external, and in this win, a threat actor may modify visual content available in other of those areas to an enterprise network. Reasons can include delivery of a message claiming credit for an intrusion or just to be
00:38
*** right. I mean, internal impact can include changing internal forms or posting disturbing content to internal sites to attempt to get organizations to comply with the request. The more uncomfortable I make you, hopefully the more quickly you're going to give me Bitcoin to go away. External can be defacement of a website or other externally facing
00:58
resource
00:59
mitigation activities here are really going to be conducting regular backups of systems so that when something is impacted, you can quickly reverted back to its original state. But one would have to ask you know if the Threat actor is still present, that they just won't change the system again.
01:15
Detection here could be monitoring internal and external sites for unplanned changes so that you could act as quickly as possible when those things come up.
01:23
So with that, let's do a quick check on learning. True or false defacement is when a site, internally or externally, is changed to some other content, possibly disturbing without approval.
01:37
All right, well, if you need additional time to answer this question, please pause the video. In this case, this is a true statement. Defacement is when we take a sight inside or out and make changes to its content without approval to disturb, make intimidated or anything of the above two
01:56
the owners of that site.
01:59
So in summary of today's discussion, we looked at and described effacement. We looked at mitigation techniques, and we describe detection techniques as well. And with that, I want to thank you for your time today, and I look forward to seeing you again soon.

Up Next

Application of the MITRE ATT&CK Framework

This MITRE ATT&CK training is designed to teach students how to apply the matrix to help mitigate current threats. Students will move through the 12 core areas of the framework to develop a thorough understanding of various access ATT&CK vectors.

Instructed By

Instructor Profile Image
Robert Smith
Director of Security Services at Corsica
Instructor