Cisco - Ciso V2

The document discusses cyber threat intelligence and the advanced threat analysis group AKIRA. It covers topics like threat hunting, incident response, initial access brokers, tools and techniques used by adversaries like RDP, ransomware analysis, bitmap reconstruction, living off the land attacks, and countermeasures.

Uploaded by Kolhapur ANA

Cyber Threat Intelligence (CTI) & AKIRA - Advanced Threat Analysis
AGENDA

1. Cyber Threat Intelligence
2. Threat Hunting & Incident Response
3. Initial Access Broker (IAB)
4. Tools & Techniques Used By Akira Adversaries
6. RDP Bitmap Reconstruction
7. Reflective Injection & Living off the Land Attacks
8. Countermeasures
WHAT IS THREAT INTELLIGENCE

Threat intelligence involves gathering, processing, and scrutinizing data to comprehend the motives, targets, and tactics of threat actors. This information empowers us to swiftly make well-informed security choices, transitioning from reactive to proactive measures in combating threat actors.
THREAT HUNTING & INCIDENT RESPONSE
INITIAL ACCESS BROKER (IAB)
TOOLS & TECHNIQUES USED BY ADVERSARIES

NATIVE TOOLS
- RDP
- Rclone
- CMD
- PowerShell
- Microsoft RDP
- Windows Management Instrumentation
- AnyDesk

TECHNIQUES
- Living off the Land Attacks
- Reflective Injection Attacks
- Initial Access Broker
RDP BITMAP RECONSTRUCTION
LIVING OFF THE LAND ATTACK (LOTL)
AKIRA RANSOMWARE - DETAILED ANALYSIS

For more Insights, Scan the below QR Code
COUNTERMEASURES
- Adopt Cyber Threat Intelligence feeds and integrate them into your SIEM
- Implement network segmentation to limit the spread of malware within the network
- Combating Living Off the Land Attacks
- PowerShell: disable it or include command line parameters in process-creation logging
- Software Asset Management
- User Behavior Analytics
- Credential Management
- Follow the Principle of Least Privilege
- Implement strong password policies and deploy Microsoft LAPS
- Network Segmentation (IT & OT Networks)
- Multi-Factor Authentication
- Engage Red Team, Threat Hunters and VAPT Experts
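As an added example (not from the deck or from Cisco Talos), the script below shows how the "include command line parameters" and SIEM-feed countermeasures pay off against the native tools listed earlier: it runs simple regex rules over process-creation records and flags Rclone copies, encoded or hidden PowerShell, WMI remote process creation and AnyDesk. The 4688-style record layout, the rule names and the sample events are all constructed assumptions.

```python
import re

# Constructed sample process-creation records (not real telemetry). Each line is a
# simplified Windows 4688-style event: "<timestamp> <host> <user> <command line>".
SAMPLE_EVENTS = [
    "2024-05-01T10:02:11 WS01 alice notepad.exe C:\\Users\\alice\\notes.txt",
    "2024-05-01T10:05:43 WS01 svc_backup powershell.exe -nop -w hidden -enc QUJDREVG",
    "2024-05-01T10:07:02 FS02 svc_backup rclone.exe copy D:\\Share remote:bucket --transfers 32",
    "2024-05-01T10:09:15 FS02 admin wmic.exe /node:WS03 process call create cmd.exe",
    "2024-05-01T10:11:30 WS03 bob AnyDesk.exe --service",
    "2024-05-01T10:12:01 WS03 bob cmd.exe /c dir",
]

# Detection rules (assumed names) keyed by the tools the deck lists; each regex
# runs over the full command line, which is why command line logging matters.
RULES = {
    "rclone-cloud-copy": re.compile(r"\brclone(\.exe)?\b.*\b(copy|sync|move)\b", re.I),
    "powershell-encoded-or-hidden": re.compile(
        r"\bpowershell(\.exe)?\b.*(-e(nc|ncodedcommand)?\b|-w(indowstyle)?\s+hidden)", re.I),
    "wmi-remote-process-create": re.compile(
        r"\bwmic(\.exe)?\b.*/node:.*process\s+call\s+create", re.I),
    "remote-access-tool": re.compile(r"\banydesk(\.exe)?\b", re.I),
}

def parse_event(line):
    """Split one record into fields; the command line is everything after the user."""
    timestamp, host, user, cmdline = line.split(" ", 3)
    return {"time": timestamp, "host": host, "user": user, "cmdline": cmdline}

def match_rules(cmdline):
    """Return the names of every rule whose pattern matches the command line."""
    return [name for name, pattern in RULES.items() if pattern.search(cmdline)]

def triage(events):
    """Return (host, user, rules) for each event that trips at least one rule."""
    hits = []
    for line in events:
        ev = parse_event(line)
        names = match_rules(ev["cmdline"])
        if names:
            hits.append((ev["host"], ev["user"], names))
    return hits

if __name__ == "__main__":
    for host, user, names in triage(SAMPLE_EVENTS):
        print(f"{host} {user}: {', '.join(names)}")
```

Plain cmd.exe and notepad.exe are deliberately not flagged, since a living-off-the-land rule that fires on every shell launch only buries the Rclone and encoded-PowerShell hits in noise.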
CISCO TALOS
Thank You