<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1703665079923990&amp;ev=PageView&amp;noscript=1">

Cyberattack Series: Security in Action

We put our cybersecurity to the test against real-world attack scenarios. Get a behind the scenes look at our security experts and technology in action against these seven attacks:

Watch the Cyberattack Series Webinar on demand.



Cyberattack Series GIF - 2MB



Get the Cybersecurity Advice You Need

If you're not confident that your organization would be secure against every attack we show below (and more) then you're at risk.
Schedule your free 20-minute consultation with a cybersecurity expert to talk through where you're at and what your next steps should be. 
You have 99 problems but a breach shouldn't be one of them!



Blog  /  Cyberattack Roster: What You're Up Against in the Threat Landscape

Cyber criminals have no off season. This post contains some of the most popular attack tactics and techniques your organization should be prepared to defend against.





Phishing  +  Command & Control (C2)

To kick off the Cyberattack Series, we've combined Phishing and Command & Control. There's no doubt that you've experienced phishing, but what happens when the bad guy's attack is successful?

The next step can often be to establish a connection between your network and theirs with a technique called Command & Control (C2).



Regsvr32  +  User Account Control (UAC) Bypass

Regsvr32 is a command line utility for Windows OS and is a functionality that your adversaries may take advantage of to avoid triggering security tools. That's bad enough, but what happens after that? Windows User Account Control (UAC) allows programs to elevate their privileges to perform a task under admin-level permissions, and attackers can use this to their advantage as well. 




WATCH  /  Cyberattack Series: Regsvr32 + UAC Bypass



Mimikatz is a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs, and Kerberos tickets. 

This makes post-exploitation lateral movement within a network easy for attackers. Trust us, you don't want anything to be easy for attackers.



Brute Forcing (Passwords)

A brute force attack is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies. Just as a criminal might break into, or "crack" a safe by trying many possible combinations, a brute force attacking application proceeds through all possible combinations of legal characters in sequence. Yikes, they must really want what you have!



NMAP Recon

NMAP (Network Mapper) is a network discovery, analysis, and auditing tool utilized by both network defenders and network attackers. This flexible tool has become a critically acclaimed and well-supported cyber tool. Using NMAP, we can perform network sweeps to discover available hosts on the network, effectively “mapping” the network topology. This would be great for auditing purposes, but also valuable information for a hacker. NMAP is also a port scanner, which allows network admins (and attackers) to identify open ports and running services on a network or individual critical systems.



The concept behind ransomware, a well-known form of malicious software, is quite simple: Lock and encrypt a victim’s computer data, then demand a ransom to restore access. In many cases, the victim must pay the cyber criminal within a set amount of time or risk losing access forever. Since we’re dealing with criminals here, paying the ransom doesn’t ensure access will be restored.

Ransomware is essentially the online form of the bully’s game of keep-away.



WATCH  /  Cyberattack Series: Ransomware


USB Rubber Ducky

Imagine you could walk up to a computer, plug in a seemingly innocent USB drive, and have it install a backdoor, exfiltrate documents, steal passwords or any number of penetration testing tasks. All of these things can be done with many well-crafted keystrokes. If you could just sit in front of this computer, with photographic memory and perfect typing accuracy, you could do all of these things in just a few minutes.

The USB Rubber Ducky does this in seconds. It violates the inherent trust computers have in humans by posing as a keyboard - and injecting keystrokes at superhuman speeds.



WATCH  /  Cyberattack Series: Rubber Ducky



Blog  /  Cyber Defense Roster: Your key players in the fight against cyberattacks

Cyber criminals have no off season, and neither should your security. Check out our lineup of the cybersecurity solutions that team up to be your offense and defense.






Watch the Cyberattack Webinar

Take a deeper dive into the top three attacks voted on by the Cyberattack Series viewers:
Learn more about how to stay a step ahead of these popular threats.