Hunting Ransomware- Jupyter Notebook, Sysmon, Windows Security Log

  • Published: 15 Nov 2024

Comments • 15

  • @BlackPerl
    @BlackPerl  2 years ago

    Download the Notebook 👉 github.com/archanchoudhury/Ransomware-Hunt
    Human Operated Ransomware (HORA) threat groups are growing in number and strength every day. Today is Day 10 of our Threat Hunting series, and we will cover the evolution of, tactics inherent to, and threats associated with HORA. We will provide "quick wins" that you can implement now to protect yourself against this ugly threat. We will mainly focus on what to do if ransomware is running *right now*, along with what to do when ransomware has run and the outlook is bleak. We will show the best possible ways to hunt for the probable IOAs of a ransomware attack, and how you can document and run your hunt against your network to identify whether you are also under attack.
    Encrypting all your files is a ransomware actor's final objective. But when the frantic helpdesk calls start coming in, can you quickly identify all impacted devices? Can you determine if data exfil and extortion are part of the attack? Can you tell if they destroyed your backups? This talk will cover common ransomware gang "hands on keyboard" techniques for stealing your data, disabling defenses, and making your data and devices resistant to recovery. Participants will take away hunt logic which can be employed right away for early detection and rapidly scoping a ransomware compromise.
    So watch the full episode and leverage the notebook to strategize your hunt technique.
    WATCH BELOW Playlists as well, if you want to make your career in DFIR and Security Operations!!
    -------------------------------------------------------------------------------------------------------------------------
    INCIDENT RESPONSE TRAINING Full Course 👉ruclips.net/p/PLj...
    DFIR Free Tools and Techniques 👉 ruclips.net/p/PLj...
    Windows and Memory Forensics 👉 ruclips.net/p/PLj...
    Malware Analysis 👉 ruclips.net/p/PLj...
    SIEM Tutorial 👉 ruclips.net/p/PLj...
    Threat Hunt & Threat Intelligence 👉 ruclips.net/p/PLj...
    Threat Hunt with Jupyter Notebook👉 ruclips.net/p/PLj...
    📞📲
    FOLLOW ME EVERYWHERE-
    -------------------------------------------------------------------------------------------------------------------------
    ✔ LinkedIn: www.linkedin.com/company/blac...
    ✔ You can reach out to me personally in LinkedIn as well- bit.ly/38ze4L5
    ✔ Twitter: @blackperl_dfir
    ✔ Git: github.com/archanchoudhury
    ✔ Insta: (blackperl_dfir)instagram.com/blackperl_d...
    ✔ Can be reached via archan.fiem.it@gmail.com

  • @KaranPatel-ig7jk
    @KaranPatel-ig7jk 2 years ago +2

    Good one..
    Please make playlists/tutorials on
    1. Microsoft 365 Defender, Sentinel, Azure ATP portal setup and how to investigate, and all
    2. Threat hunting using KQL.

    • @BlackPerl
      @BlackPerl  2 years ago +2

      Thank you. Sure, I will plan it.

  • @hps5461
    @hps5461 2 years ago

    So much valuable information, Thanks!

  • @Sourav_Debnath
    @Sourav_Debnath 2 years ago

    It would be good if the Day number stayed in the same position on the thumbnail.

  • @shreyahalder227
    @shreyahalder227 2 years ago

    Hi Arpan dada.. I am also from future... SM sir recommended your channel to us to get help in cyber... Keep it up

    • @BlackPerl
      @BlackPerl  2 years ago

      Hi Shreya, Thanks for reaching out. This is Archan and not Arpan. 😁
      Yep, our JAVA boss is SM Sir. Hope all is well there at our College. Reach out to me on LinkedIn if you have any doubts or queries. Does our College organize any tech talks? Let me know, I can come and have a session one day with all of you folks..

  • @meooow5996
    @meooow5996 1 year ago

    Hi, I am trying to understand ransomware attacks, so I have set up a lab of ELK Cloud connected to a VM with Sysmon, but I searched for the event codes from your videos and got no results. I am clueless about how to prove that the attack happened and which logs to look at after the attack. In the VM the ransomware has already executed. Can you provide some help on which logs to hunt in and show in the report?

  • @pranaychauhan2619
    @pranaychauhan2619 2 years ago

    Good one, Thanks 👍

  • @pranavdarwai7349
    @pranavdarwai7349 2 years ago +1

    Can you please also help with dark web hunting?

  • @bhuvanesh_cybersecurity
    @bhuvanesh_cybersecurity 2 years ago

    Fabulous one..