State of the Hack: Behind the ATM Heist & Other Red Team Stories

Presented by FireEye

On this episode, we got right into a bunch of new in-the-wild activity!

We discussed FIN6's shift to deploying enterprise ransomware, including their recent LOCKERGOGA campaigns. The recent DAYJOB/ShadowHammer supply chain compromises prompted some discussion of this trend and of several hunting techniques. We covered our newly released blog on the techniques the attackers used to deliver the TRITON malware framework and how to hunt for them, as well as some background on our ongoing response to that group at another critical infrastructure client.

We wanted to learn more about attacker creativity and mindset by inviting a real-life adversary onto our show: Alyssa Rahman (@ramen0x3f) from our Red Team. She walks us through a comprehensive red team case study at a financial client that includes compromising multi-factor systems, KeePass, and eventually ATMs. She also chats about why our red team prefers phone-based social engineering, as well as our Mandiant Red Team's release of CommandoVM and ADFSDump/ADFSpoof.