8 hours 28 minutes

Video Transcription

Hello and welcome to another Application of the MITRE ATT&CK Framework discussion. Today we're looking at our case study on exfiltration, focusing on sneaky bits of data. So what are some potential exfiltration methods? Well, this is just a high-level look at some things to consider here when we look at data exfiltration.

And so in some cases, data can be encoded into something like Base64 prior to sending that out. Threat actors may have a custom manipulation where they encode data in an attempt to avoid detection or raising a flag on that information if it is seen. Now, they can also use things like SSH tunnels to connect out to a command and control server so they can then send that information over an encrypted channel, with the hopes again of not being detected. Now, the other thing to consider: if you use things like Dropbox, OneDrive, Google Drive, drive this, drive that, drive me home, anything that you use to store data that maybe has a free trial, gives you, you know, 10, 15 gigs free. If those repos can be accessed from your network, then a threat actor in theory could use those drives or those areas to load the data up and then collect it from another location.

So controlling these types of applications is going to be critical when it comes to protecting your data sets and ensuring they're not uploaded to public repos that could then put the information at risk. So, some things to consider. What controls are you using today to help block unwanted data exfiltration? What does that look like? Are you blocking things like Google Drive, OneDrive? Are you blocking FTP connections out, right? Are you doing anything of that nature? Would you know if a threat actor or employee was removing data from your network?

So it's not always about threat actors. There could be some risk from within: disgruntled employees, someone who didn't get the raise they were expecting, someone who's put a lot of hard work into a project and feels that they didn't get enough recognition for that. So now they're going to move it off site to keep it tucked away for something else.

If you don't know those things, I mean, how are you going to control your information or protect your intellectual property? And what could you change today to reduce the risk of exfiltration? Maybe review some firewall rules, block outbound SSH connections, block outbound FTP connections, block connections to data repos like OneDrive, Google Docs, Google Drive, Dropbox, anything of that nature. If it's not managed by the business and it's not within the control of the business, or if it's not necessary for day-to-day operations, it maybe could be considered, you know, not necessary, and it could be blocked or, you know, prevented on the network.

So with that and those considerations, I want to thank you for your time today, and I look forward to seeing you again soon.
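As an added example (not part of the course or the instructor's material), here is the kind of triage you could run over exported outbound proxy/firewall records to surface the three channels the talk names: outbound SSH/FTP, uploads to cloud storage, and Base64-looking payloads. The domain list, watched ports, record layout and sample records are all constructed assumptions for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# Assumed values for this example (not a vetted list): tune to your own environment
# and allow-list the storage services the business actually manages.
CLOUD_STORAGE_DOMAINS = ("dropbox.com", "drive.google.com", "docs.google.com",
                         "onedrive.live.com")
WATCHED_PORTS = {22: "ssh", 21: "ftp"}   # outbound SSH tunnels and FTP transfers
B64_RE = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")

def looks_base64(blob: str) -> bool:
    """True if blob is long, uses only the Base64 alphabet and really decodes."""
    if not B64_RE.match(blob):
        return False
    try:
        base64.b64decode(blob, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False

def triage(entry: dict) -> list:
    """Reasons one outbound record deserves review; empty list if none."""
    reasons = []
    if entry.get("dport") in WATCHED_PORTS:
        reasons.append(f"outbound {WATCHED_PORTS[entry['dport']]} to {entry['dst']}")
    host = urlparse(entry.get("url", "")).hostname or ""
    to_cloud = any(host == d or host.endswith("." + d) for d in CLOUD_STORAGE_DOMAINS)
    if to_cloud and entry.get("method") == "POST":
        reasons.append(f"upload to cloud storage {host}")
    if looks_base64(entry.get("body", "")):
        reasons.append("Base64-looking request body")
    return reasons

def flag_exfiltration(log: list) -> list:
    """Return (index, reasons) for every record that triggered at least one check."""
    return [(i, r) for i, e in enumerate(log) if (r := triage(e))]

# Constructed sample records (not real traffic), shaped like a proxy/firewall export.
SAMPLE_LOG = [
    {"dst": "203.0.113.7", "dport": 22, "url": "", "method": "", "body": ""},
    {"dst": "203.0.113.9", "dport": 443, "method": "POST",
     "url": "https://www.dropbox.com/upload", "body": "file=quarterly.xlsx"},
    {"dst": "203.0.113.44", "dport": 443, "method": "POST",
     "url": "https://203.0.113.44/submit",
     "body": base64.b64encode(b"constructed sample payload " * 2).decode()},
    {"dst": "203.0.113.50", "dport": 443, "method": "GET",
     "url": "https://www.example.com/", "body": ""},
]
```

Run `flag_exfiltration(SAMPLE_LOG)` to see the first three records flagged and the benign GET left alone; a real deployment would feed it the proxy export and forward the reasons to the SOC queue.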

Application of the MITRE ATT&CK Framework

This MITRE ATT&CK training is designed to teach students how to apply the matrix to help mitigate current threats. Students will move through the 12 core areas of the framework to develop a thorough understanding of various access ATT&CK vectors.

Instructed By

Robert Smith
Director of Security Services at Corsica