Dissecting an Iranian Nation State Interactive Intrusion - Watching Kittens at Play

Explore a detailed analysis of an Iranian nation-state interactive intrusion in this conference talk from BSides SATX. Gain insights into how state-nexus threat actors operate within system constraints and learn to uncover adversarial tradecraft in your own environment. Delve into the CrowdStrike SEARCH methodology for threat hunting, examine high-level trends observed by Falcon OverWatch, and understand the balance between attribution and threat hunting operations. Walk through a real-world intrusion case study, focusing on discovery techniques, lateral movement strategies, persistence mechanisms, and credential access methods employed by PIONEER KITTEN. Acquire actionable threat hunting techniques for detecting nation-state adversarial activities and understand the importance of leveraging multiple data sources to validate suspicious activities.

2022-06-18, 11:00–, Track 1 UC Conference Rm A