Examining DFIR Techniques to Optimize Incident Response for the PrintNightmare Attack and Cobalt Strike

Webinar Registration

It’s one thing to realize you have become the victim of a vulnerability-based attack. It’s entirely another thing to know this in a timely manner where you have insightful context empowering you to do something about it to both remediate the current threat actions and mitigate any further actions from taking place. Being able to quickly piece together digital artifacts left on file systems, within the Registry, in memory, or within system logs is an imperative part of any digital forensics and incident response (DFIR) effort.

Attacks like the recent PrintNightmare vulnerability – which included both remote code execution and elevation of privileges – involved not one, but three CVEs and related patches and affected millions of Windows desktop and server operating systems worldwide. Attacks using this vulnerability had the potential to provide threat actors with unfettered access to compromised systems, with tools like Cobalt Strike used for remote access and engaging in further threat actions.

So, how can you use DFIR techniques to use digital artifacts to identify attacks early and stop them from continuing?

In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat, and will first cover:

Common digital forensics capabilities, artifacts, and processes
How DFIR fits into your security strategy
A brief primer on PrintNightmare and Cobalt Strike

Nick will then be joined by Zach Paul and Eric Van Tyne, Senior IR Consultants from Rapid7, who will showcase the free open source DFIR solution, Velociraptor, demonstrating common DFIR techniques that will improve the efficiency and effectiveness of your forensics and response efforts.

Zach will first cover Velociraptor and walk through a PrintNightmare use case, identifying impacted systems using collected digital artifacts. Then Eric will use Velociraptor and walk through an attack involving Cobalt Strike. The goal is to demonstrate how you can use open source tools to successfully investigate and address attacks.

This real training for free event will be jam packed with technical detail and real-world application. Register today!

First Name:	Required
Last Name:	Required
Work Email:	Required Invalid email address
Phone:	Required
Job Title:	Required
Organization:	Required
Country:	Required
State:	Required
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens

Additional Resources

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.