Video On Demand
EvilGinx-ing Into AWS Cloud: How Expel Detected a Sophisticated Red Team Attack
Bruce Potter
Runtime: 16:08
If your organization relies on multifactor authentication (MFA) to protect your software and data in the cloud, MFA alone is not enough to keep attackers out. Expel, a SOC-as-a-service that offers 24x7 monitoring, detection and response for cloud, hybrid and on-premises environments, recently chased a red team through a public cloud. The attackers bypassed the identity provider and maintained persistent access through an increasingly popular man-in-the-middle phishing technique that steals MFA tokens. Thanks to some Expel custom detections and the CrowdStrike Falcon platform, analysts stopped the bad actors in their tracks and took back the keys to the customer's (cloud) kingdom. Join Expel CISO Bruce Potter as he walks through this sophisticated red team exercise and explains how Expel analysts found and stopped the attackers in the public cloud. You'll also receive some tips and tricks for using CrowdStrike Falcon to detect malicious activity inside popular cloud provider services.