Threat Hunting - Using MITRE ATT&CK Against Carbanak Malware

Offered By: Security BSides San Francisco via YouTube

Tags

Security BSides Courses
Cybersecurity Courses
Malware Analysis Courses
Privilege Escalation Courses
Threat Hunting Courses
MITRE ATT&CK Framework Courses

Course Description

Overview

Explore threat hunting techniques using the MITRE ATT&CK Framework in this 51-minute conference talk from BSidesSF 2022. Dive into the practical application of the framework against the 'Carbanak' backdoor, a malware family specifically designed to target banking applications. Learn about various threat hunting models, including Intelligence-, Situational-, and Hypothesis-based approaches. Examine MITRE ATT&CK v11.0 Tactics and TTP examples, and understand how the attack works through its stages, such as Initial Access, Execution, Command & Control, Exfiltration, and more. Gain insights into phishing mitigation, and into how the malware deploys its toolkit for defense evasion, escalates privileges, moves laterally, and discovers privileged users. See the techniques it uses to maintain persistence on privileged accounts, establish covert access, and impersonate victims. Enhance your cybersecurity skills with this comprehensive exploration of threat hunting strategies and their practical implementation against sophisticated malware.

Syllabus

Threat Hunting: Using MITRE ATT&CK against Carbanak malware
Threat Hunting - Why?
Intelligence - Threat Hunting Model
Situational - Threat Hunting Model
Hypothesis - Threat Hunting Model
MITRE ATT&CK v11.0 Tactics
TTP Example
Attack working
MITRE Initial Access
Phishing mitigation
MITRE Execution
Command & Control Execution Exfiltration
Deploy Toolkit (Defense Evasion)
Privilege Escalation
Lateral Movement
Discovery of privileged user
Persistence on privileged account
Covert access and victim profile
Impersonate Victim
Taught by

Security BSides San Francisco

Related Courses

CNIT 127: Exploit Development (CNIT - City College of San Francisco via Independent)
Enterprise Security Fundamentals (Microsoft via edX)
Penetration Testing - Post Exploitation (New York University (NYU) via edX)
Ultimate Ethical Hacking and Penetration Testing (UEH) (Udemy)
Hands-on Penetration Testing Labs 4.0 (Udemy)