Start covering your bases & Stop chasing APT headlines

Track: Security
Abstract
Cognitive biases affect us in many ways, even in cyber security: we often focus on the latest technical buzz or on the newly discovered, sensational hacking campaign. But the fact of the matter is that the network breaches and ransom attacks that happen every day are by and large executed using well-known techniques, tools and procedures.

This is why we are presenting a "run-of-the-mill" simulation of a full network breach, from initial access through discovery and lateral movement to exfiltration. Based on public DFIR reports, MITRE's ATT&CK framework and common hacking tradecraft as covered by Atomic Red Team tests, we demonstrate how attackers execute such attacks without needing tailor-made or sophisticated tools and techniques.

In addition to showing the recorded simulation, we'll discuss the importance of defense-in-depth and how you should place multiple, different tripwires to stop network breaches, and in particular the significant role that network controls and detections can play in such cases.
Avishay Zawoznik
Avishay Zawoznik manages the content group in Cato's security research department and has ten years of experience in different fields of network and web security. Avishay specializes in network-based and application-based attack research: keeping up with the latest security publications, analyzing and implementing ways to detect and mitigate potential threats with a data-oriented approach built on Cato's cloud network, and studying variants of exploits seen in the wild.