Microsoft 365 Defender Webinar: Monthly Threat Insights

On the third Wednesday of each month, the Microsoft Defender Threat Intelligence team will dive deep into a selected emerging threat as seen in threat analytics—the threat intelligence library available in the Microsoft 365 Defender portal. Using the threat analytics report that Microsoft security researchers and analysts authored, we will examine the threat’s history, popular and new attack techniques mapped to the MITRE ATT&CK Framework, its behavior and impact on your organization, detection details and mitigation recommendations. We will also dig into advanced hunting queries that you can use to investigate this threat even further. Join us for this detailed monthly analysis of prominent or ongoing threat campaigns.
0:00 – Introduction
2:27 – Sysrv Botnet Overview
5:51 – Initial Access
8:27 – Windows Infection Chain for Oracle WebLogic
14:46 – Windows Infection Chain for PostgreSQL
18:43 – Linux Infection Chain
25:20 – Mitigations – Initial Access
27:06 – Demo
44:58 – Advanced Hunting – Windows
46:42 – Outro
#MicrosoftSecurity