Threats from the Wild - Episode 2: HAFNIUM/Exchange Aftermath: Blue Team Perspective

In this session, Oleg Kolesnikov, VP of Threat Research at Securonix Threat Labs, will share:

  • The latest technical insights into the HAFNIUM/Exchange attack activity observed in the wild by Securonix Threat Labs.
  • A demonstration of the HAFNIUM/Exchange ProxyLogon/post-exploitation attack in action.
  • Examples of some of the most relevant detection use cases and hunting queries.
  • How to increase your chances of detecting this and future variants of these attacks in your environment.

Threats from the Wild - Episode 1: Detecting Future Variants of Sunburst

The SolarWinds/SUPERNOVA attack targeted the National Financial Center (NFC), an agency inside the U.S. Department of Agriculture that reportedly handles payroll for several government organizations, including the State Department, FBI, Treasury Department, and the DHS.

Today, we continue to see new variants of this attack used to evade publicly available detection techniques.

In this session, Oleg Kolesnikov will discuss the attack vectors and highlight techniques and recommendations to protect against future variants of the attack, including:

  • A demonstration of the original SUPERNOVA implant in action.
  • A modified variant of the SUPERNOVA implant that can evade some of the public detection approaches.
  • What the SolarWinds/SUPERNOVA attack might look like in your logs.
  • How to increase the chances of detecting this and future variants of the attacks in your environment.

Threat Research

On HAFNIUM/CHOPPERWAVE Exchange Server Attacks Detection Using Security Analytics

Blog Post

Securonix Threat Research: Detecting SolarWinds/SUNBURST/ECLIPSER Supply Chain Attacks

Blog Post

Securonix Threat Research: Detecting WastedLocker Ransomware Using Security Analytics

Blog Post

Securonix Threat Research: Securing Your Remote Workforce - Detecting Teleconferencing Tools Attacks in the Work-From-Home (WFH) World - Part 2
