🔴 Active Ransomware Incident Response Day in the Life

Want to know what it's really like when you get called into a business that is fully owned by #Ransomware?

Who do you talk to first?
What's the first question you'd ask?
How do you deal with the adrenaline of being on the clock against cyber criminals?

Join #SimplyCyber as we welcome Eric Taylor, CEO of Barricade Cyber Solutions and a Senior Incident Response Engineer who lives his life in the FIRES of ransomware.

Live engagement, ask your questions, leave with knowledge

#cybersecurity
Comments

What a great conversation. I wish I didn't have to sleep, I just can't learn this fast enough. Thanks so much for the great content!

CyberFraudDawg

Just 1.7K views? Fk, this information is amazing and it should go viral.

diegoperez

I would be very careful advising clients on their cyber coverages as a non-insurance professional (licensed and whatnot).

It's one thing to unofficially, non-professionally discuss the policy, but it can end up falling back on you as the cyber expert if the client assumed their policy provided coverage that the insurer denied because you told them it would be covered. Ofc it's all dependent on your relationship w/ the client, but just be wary, especially in this area of insurance that's still sort of being worked out by carriers. It's all kinda wonky rn.

jbrandona

Incident response sounds dreadful. I don't want anything to do with it if possible.

trblmkr

What if you pay and the attacker doesn't send you the key?

fetz

I find this IR response severely lacking. At no point did he talk about hardening Active Directory and evicting the attacker from persistence in Active Directory, such as AdminSDHolder or the plethora of other ways attackers maintain persistence. There was no talk about hardening using tiering and implementing LAPS or anything of that sort. And why in God's name would you remote directly into the customer's domain controller? You want to find a domain controller that has not been compromised, if possible, do a complete forest build from that domain controller, then reset the RID 500 account multiple times, reset the identities for all service accounts, and reset the password for literally every account. None of this was talked about in this incident response "day in the life of". I say skip these guys and call the Microsoft DART team. They do all of this stuff routinely.

AlienWarTycoon
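The recovery steps the commenter lists, written out as an added example that is not from the video, the speaker, or the commenter: a PowerShell script that first audits AdminSDHolder for write-capable ACEs held by principals outside an allow-list (the persistence foothold the comment alludes to, since SDProp re-stamps that ACL onto every protected account), then resets the RID-500 account the requested number of times, every SPN-bearing user account, and finally every enabled user. It assumes the RSAT ActiveDirectory module, Domain Admin rights, a management host pointed at a domain controller believed to be clean, and that $AllowedTrustees (an assumed starting list of default trustees) is compared against a known-good forest and tuned; the function names Get-AdminSDHolderFindings, Reset-AccountCredential and New-RandomPassword are mine. Nothing is changed until -Execute is passed.

```powershell
# Added example, not the video's or the commenter's own tooling.
# Assumes: RSAT ActiveDirectory module, Domain Admin rights, run against a DC
# believed to be clean. Dry-run (-WhatIf) unless -Execute is supplied.
[CmdletBinding()]
param(
    [switch]$Execute,
    [int]$Rid500ResetCount = 2,
    # Assumed default trustees on AdminSDHolder; most hold only read or narrowly
    # scoped rights. Treat the output as a review list and tune this for your forest.
    [string[]]$AllowedTrustees = @(
        'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\SELF', 'NT AUTHORITY\Authenticated Users',
        'Everyone', 'BUILTIN\Administrators', 'BUILTIN\Pre-Windows 2000 Compatible Access',
        'BUILTIN\Windows Authorization Access Group', 'BUILTIN\Terminal Server License Servers',
        "$env:USERDOMAIN\Domain Admins", "$env:USERDOMAIN\Enterprise Admins",
        "$env:USERDOMAIN\Cert Publishers"
    )
)

Import-Module ActiveDirectory -ErrorAction Stop

function New-RandomPassword {
    # 32 bytes from the OS CSPRNG, Base64-encoded: long, mixed character classes.
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] 32
    $rng.GetBytes($bytes)
    return (ConvertTo-SecureString -String ([Convert]::ToBase64String($bytes)) -AsPlainText -Force)
}

function Get-AdminSDHolderFindings {
    # Rights that let a trustee modify protected accounts. SDProp copies this ACL
    # onto every adminCount=1 object roughly hourly, so an extra ACE here survives
    # any cleanup done directly on Domain Admins members.
    $writeRights = 'GenericAll|GenericWrite|WriteDacl|WriteOwner|WriteProperty|ExtendedRight|Self'
    $domainDN    = (Get-ADDomain).DistinguishedName
    $acl         = Get-Acl -Path "AD:\CN=AdminSDHolder,CN=System,$domainDN"
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights.ToString() -match $writeRights) -and
        ($AllowedTrustees -notcontains $_.IdentityReference.Value)
    } | Select-Object @{ n = 'Trustee';   e = { $_.IdentityReference.Value } },
                      @{ n = 'Rights';    e = { $_.ActiveDirectoryRights } },
                      @{ n = 'Inherited'; e = { $_.IsInherited } }
}

function Reset-AccountCredential {
    param($Account, [int]$Times = 1)
    for ($i = 1; $i -le $Times; $i++) {
        # -WhatIf is honoured by Set-ADAccountPassword, so the dry run prints what would change.
        Set-ADAccountPassword -Identity $Account -Reset -NewPassword (New-RandomPassword) -WhatIf:(-not $Execute)
        Write-Verbose "Reset pass $i/$Times for $($Account.SamAccountName)"
    }
}

# 1. Audit AdminSDHolder before touching credentials, so the eviction is not undone later.
$findings = Get-AdminSDHolderFindings
if ($findings) {
    Write-Warning 'Write-capable ACEs on AdminSDHolder outside the allow-list (review and remove before resetting):'
    $findings | Format-Table -AutoSize
} else {
    Write-Host 'AdminSDHolder ACL contains only allow-listed trustees.'
}

# 2. The built-in Administrator is whichever account has RID 500, regardless of its current name.
$domainSid = (Get-ADDomain).DomainSID.Value
$rid500    = Get-ADUser -Identity "$domainSid-500"
Reset-AccountCredential -Account $rid500 -Times $Rid500ResetCount

# 3. User objects carrying an SPN are the usual service accounts (gMSAs rotate on their own).
$serviceAccounts = Get-ADUser -Filter 'ServicePrincipalName -like "*"' -Properties ServicePrincipalName
foreach ($svc in $serviceAccounts) { Reset-AccountCredential -Account $svc }

# 4. Finally every remaining enabled user, so any credentials taken during the intrusion stop working.
$remaining = Get-ADUser -Filter "Enabled -eq 'True'" | Where-Object {
    $_.SID.Value -ne "$domainSid-500" -and
    ($serviceAccounts.SamAccountName -notcontains $_.SamAccountName)
}
foreach ($u in $remaining) { Reset-AccountCredential -Account $u }
```

Run it once without -Execute, clear any AdminSDHolder findings by hand after confirming them against a known-good forest, then rerun with -Execute. Step 4 forces every user to re-authenticate, so it belongs in a coordinated window with the help desk briefed; the reset order (privileged account, service accounts, everyone else) keeps the accounts an intruder is most likely to reuse from being the last ones rotated.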