<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1703665079923990&amp;ev=PageView&amp;noscript=1">

Cyberattack Series: Security in Action

We put our cybersecurity to the test against real-world attack scenarios. Get a behind the scenes look at our security experts and technology in action against these seven attacks:

Watch the Cyberattack Series Webinar on demand.

 

 

Cyberattack Series GIF - 2MB

 

 

Get the Cybersecurity Advice You Need

If you're not confident that your organization would be secure against every attack we show below (and more) then you're at risk.
Schedule your free 20-minute consultation with a cybersecurity expert to talk through where you're at and what your next steps should be. 
 
You have 99 problems but a breach shouldn't be one of them!
 
 
SCHEDULE MY CONSULTATION

GamePlan1_White

 

Blog  /  Cyberattack Roster: What You're Up Against in the Threat Landscape

Cyber criminals have no off season. This post contains some of the most popular attack tactics and techniques your organization should be prepared to defend against.

 

READ THE ROSTER

SECURITY IN ACTION

 

Phishing  +  Command & Control (C2)

To kick off the Cyberattack Series, we've combined Phishing and Command & Control. There's no doubt that you've experienced phishing, but what happens when the bad guy's attack is successful?

The next step can often be to establish a connection between your network and theirs with a technique called Command & Control (C2).

 

 

WATCH  Cyberattack Series: Phishing + C2

LP-Blog-Images-1PhishingC2

READ  Phishing and Command & Control:

How Cyber Attackers use Emails to Gain Control

 

Regsvr32  +  User Account Control (UAC) Bypass

Regsvr32 is a command line utility for Windows OS and is a functionality that your adversaries may take advantage of to avoid triggering security tools. That's bad enough, but what happens after that? Windows User Account Control (UAC) allows programs to elevate their privileges to perform a task under admin-level permissions, and attackers can use this to their advantage as well. 

 

 

 

WATCH  /  Cyberattack Series: Regsvr32 + UAC Bypass



mimikatz feature image

READ LOLBins: How Cyber Attackers

Bypass Traditional Security Defenses

 

Mimikatz

 

Mimikatz is a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs, and Kerberos tickets. 

This makes post-exploitation lateral movement within a network easy for attackers. Trust us, you don't want anything to be easy for attackers.

 

 

WATCH  Cyberattack Series: Mimikatz

mimikatz feature image

READ  Mimikatz: How Cyber Attackers Harvest Credentials Post-Exploitation

 

Brute Forcing (Passwords)

A brute force attack is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies. Just as a criminal might break into, or "crack" a safe by trying many possible combinations, a brute force attacking application proceeds through all possible combinations of legal characters in sequence. Yikes, they must really want what you have!

 

 

 

WATCH  /  Cyberattack Series: Brute Force

brute force feature image

READ Brute-Forcing: The Inelegant but Effective Way Attackers Crack Your Passwords

 

 

NMAP Recon

NMAP (Network Mapper) is a network discovery, analysis, and auditing tool utilized by both network defenders and network attackers. This flexible tool has become a critically acclaimed and well-supported cyber tool. Using NMAP, we can perform network sweeps to discover available hosts on the network, effectively “mapping” the network topology. This would be great for auditing purposes, but also valuable information for a hacker. NMAP is also a port scanner, which allows network admins (and attackers) to identify open ports and running services on a network or individual critical systems.

 

 

WATCH  /  Cyberattack Series: NMAP Scanning

NMAP feature image

READ  Cyberattack Game Plan: How Attackers Choose Their Targets & Plan Their Attack

 

Ransomware

The concept behind ransomware, a well-known form of malicious software, is quite simple: Lock and encrypt a victim’s computer data, then demand a ransom to restore access. In many cases, the victim must pay the cyber criminal within a set amount of time or risk losing access forever. Since we’re dealing with criminals here, paying the ransom doesn’t ensure access will be restored.

Ransomware is essentially the online form of the bully’s game of keep-away.

 

 

WATCH  /  Cyberattack Series: Ransomware

ransomware feature image


READ Ransomware: How Cyberattackers Turn Hacking into Profit

 

 

USB Rubber Ducky

Imagine you could walk up to a computer, plug in a seemingly innocent USB drive, and have it install a backdoor, exfiltrate documents, steal passwords or any number of penetration testing tasks. All of these things can be done with many well-crafted keystrokes. If you could just sit in front of this computer, with photographic memory and perfect typing accuracy, you could do all of these things in just a few minutes.

The USB Rubber Ducky does this in seconds. It violates the inherent trust computers have in humans by posing as a keyboard - and injecting keystrokes at superhuman speeds.

 

 

WATCH  /  Cyberattack Series: Rubber Ducky

rubber ducky feature image

READ  The Rubber Ducky: Cyber Meets Physical with This Small Hacking Tool

 

GamePlan1_Dark

 

Blog  /  Cyber Defense Roster: Your key players in the fight against cyberattacks

Cyber criminals have no off season, and neither should your security. Check out our lineup of the cybersecurity solutions that team up to be your offense and defense.

 

READ THE ROSTER

 

Opponents_FootballHelmets-Blues

 

Watch the Cyberattack Webinar

Take a deeper dive into the top three attacks voted on by the Cyberattack Series viewers:
 
 
Learn more about how to stay a step ahead of these popular threats. 
 
 
 
 
© 2024 Ascend Technologies