Tradecraft Tuesday - Thinking Like an Attacker - December 2019

Join us as we step into the minds of an attacker. We’ll spend time talking about how attackers look for their targets and execute their tradecraft. And the best part is we’ll be joined by Tom Lawrence from Lawrence Systems to discuss the tools and programs MSPs can leverage to limit their exposure. Some things we’ll talk about:

- Credential stealing → Knowing when to utilize SSO or MFA
- Attacker port scanning techniques → Your own scans to highlight exposure
- A live demo of how attackers will use port scans to launch their attacks → how to use your own scans to bring vulnerabilities to light and focus security action items
- A discussion on how attackers steal or brute force passwords → how to limit exposure by understanding when and where to best utilize SSO and MFA

Stay Connected:

Links to resources shared during this episode...

News:
(MSPs and MSSPs are a potential insider threat?)
(Ransomware at Colorado IT Provider Affects 100 Dental Offices)
(Snatch malware adds safe-mode reboot to bypass antivirus)

Tips if you are an MSP:
- Don’t expose RDP
- You have to have 2FA
- You need to audit and update your own infrastructure
- Test assumed breach: try and pivot from internal workstation

Topic Intro:
(t2 / 2016 - Learning the wrong lessons from Offense (Haroon Meer))

Internal Auditing:
(Hackers solve problems by starting broad)
- Urgent/11 Bugs - intitle:"SonicWall - Authentication"

Sources: