Pivoting from Linux to Windows: Using Behavior to Detect Intrusions Involving Edge Devices

Webinar Registration

Any Internet-facing device, appliance, server, or VM is fair game as an initial attack vector to a cyber attacker. They are readily accessible remotely and offer security teams little visibility into whether they are secure, under attack, or compromised.

Additionally, those devices running on a Linux kernel can prove to be valuable assets to an attacker: A Linux device can be made a stealthy persistent foothold from which to pivot and begin attacks on your Windows infrastructure, it can be used to assist in exfiltration, and just because it’s been patched doesn’t mean it hasn’t already been exploited and continues to provide access via web shell. All this while your security team may be unaware these devices are still compromised.

Attackers choosing to pivot and focus on gaining access to your Windows environment, historically expose themselves to detection through indicators of compromise (IoC) on the network, as well as within the Windows OS, applications, and Active Directory. But with many attackers working to hide their tracks, how can organizations detect attacks and trace them back to edge devices?

In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat, discussing:

The value of stealth and persistence during an attack
Why the initial foothold matters
Why attackers are seeking out edge devices when phishing attacks prevail

Nick will be joined by Ted Samuels, Incident Response Consultant and Jeff Gardner, Practice Advisor, Detection and Response, both from Rapid7. Ted will cover a real-word intrusion example where an Internet-facing device using Linux was the initial attack vector and the attacker pivoted to Windows to complete the attack. Ted will cover:

How edge devices can be compromised
Why an attacker would want to live on a *nix device?
What actions are taken when pivoting to Windows

Jeff will discuss:

Which detection and response methodologies yield the fastest and most accurate remediation?
Why User and Entity Behavior Analytics and Attacker Behavior Analytics are important as part of both your detection and response strategy
Is there still a place for IoCs?

This real training for free event will be jam packed with technical detail and real-world application. Register today!

First Name:	Required
Last Name:	Required
Work Email:	Required Invalid email address
Phone:	Required
Job Title:	Required
Organization:	Required
Country:	Required
State:	Required
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens

Additional Resources

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.