Brutal Awakening: How Threat Actors Leverage Commercially Available Malware скачать в хорошем качестве

Brutal Awakening: How Threat Actors Leverage Commercially Available Malware

On May 19, 2022, Unit 42 discovered Brute Ratel, a commercially available penetration testing and adversary emulation framework specifically designed to evade modern cybersecurity protections. It had cleverly evaded detection across all vendors on VirusTotal. Here, Michael Sikorski, CTO & VP Engineering, Unit 42 Palo Alto Networks, shares about the research, malware analysis, and the industry response to this work. In this video, you'll learn: 3:41 - Anatomy of Successful Attacks 5:43 - Unit 42 discovers Brute Ratel 10:45 - Brute Ratel C4 (BRc4) 15:52 - From Click to Brute: Execution Chain 19:11 - Pivoting OneDrive.Update = Badger_x64.exe 20:52 - Protections and Mitigations 22:15 - Industry Coverage 3 Weeks Later 27:58 - Conclusion Threat actors, including nation-states, love using freely and commercially available tools to meet their objectives. We see this with the proliferation of Cobalt Strike by attackers. Not only was it notoriously used in the SolarWinds attacks by Cloaked Ursa (a.k.a. APT29, Cozy Bear), we continue to see it used. In fact, over 5% of Unit 42’s Incident Response engagements are in response to an attacker using Cobalt Strike. Want to get technical? Read the threat report: https://unit42.paloaltonetworks.com/b... #Unit42 #CobaltStrike #SolarWinds ✅Subscribe: @PaloAltoNetworksUnit42 Join the conversation on our social media channels: Website: https://www.paloaltonetworks.com/unit42 Blog: https://unit42.paloaltonetworks.com/ Facebook:   / lifeatpaloaltonetworks   LinkedIn:   / unit42   YouTube: /@PaloAltoNetworksUnit42 Twitter:   / paloaltontwks   Under attack? Get immediate IR support from Unit 42: https://start.paloaltonetworks.com/co....