EDRs don't stop or detect Cobalt Strike. So, what will?

In this month's Security knowledge-sprint session we will cover how easy it is for threat actors to bypass EDR and some of the TTPs involved in living-off-the-land attacks.

Threat actors often use Cobalt Strike, a tool that malicious actors have turned into a weapon; its rich feature set lowers the technical barrier to entry for ransomware gangs. We are seeing more financially motivated threat actors using the same tool that was previously only available to nation-state threat operations. In this 30-minute sprint session, our SecOps team members will cover some demonstrations and examples to:

  1. Understand how Cobalt Strike works and how it can be detected with Crystal Eye.
  2. Identify the detection techniques that don't work and how EDR can be bypassed.
  3. Learn about the role good CTI and Crystal Eye's Automated Actionable Intelligence play in mitigating attacks leveraging Cobalt Strike.
  4. Learn to understand the cyber kill chain and the stages of attack with these types of living-off-the-land (LOL) threats.

Event Details

Where: Online via Demio

When: Thursday, 4th April 2024

Time: 11:30 AM - 12:30 PM AWST
            02:30 PM - 03:30 PM AEDT
            02:00 PM - 03:00 PM ACDT
            03:30 AM - 04:30 AM UTC

International Scheduling: 

EU Session - Thursday, 4th April 2024

Time: 12:00 PM - 01:00 PM CEST
          06:00 PM - 07:00 PM AWST
          09:00 PM - 10:00 PM AEDT
          08:30 PM - 09:30 PM ACDT
          10:00 AM - 11:00 AM UTC

US Session - Thursday, 4th April 2024

Time: 09:00 AM - 10:00 AM EDT
          09:00 PM - 10:00 PM AWST           
          12:00 AM - 01:00 AM AEST Next day
          11:30 PM - 12:30 AM ACST Next day
          01:00 PM - 02:00 PM UTC

Key Presenters

Ben Aylett - Product Manager at Red Piranha

Damien Peters - Cyber Security Engineer at Red Piranha

Adrian Gough - Pen Tester and Security Analyst at Red Piranha