first look showcase · att&ck™ framework qualys security conference, 2018 december 6, 2018...
TRANSCRIPT
QUALYS SECURITY CONFERENCE 2018
Expanding our prevention, detection and response solutions
Marco Rottigni Chief Technical Security Officer, Qualys, Inc.
First Look Showcase
Secure Enterprise Mobility
Visibility
Identity (X.509, Asset ID, Device ID) Device Hardware Network and Interactions Apps Analytics Security Posture
December 6, 2018 QSC Conference, 2018
Security
Vulnerability Management
Asset Lockdown
Asset Hardening
Enterprise Integrations
Protection
Compliance Policies
– On Enrollment
– Continuous Monitoring
Enforcement and Remedial Actions
Policy Management
Containerization
Privacy
DIY Portal Audit Control Ownership (Corporate/BYOD) Transparency
Roadmap
Feb 2019 – Closed Beta
Multiple releases during 2019
Security Analytics & Orchestration
Cross-Product Correlation
Additional Context from 3rd Party Sources
Detect KNOWN threats w/ out-of-box rules
Detect UNKNOWN threats Using Machine Learning
Hacker Behavioral Analytics
Predictive & Prescriptive SoC
Human Guided Policy-Driven Response
Playbooks for Bi-Dir Ecosystems Integration
BYOP - Bring-Your-Own-Playbook
Response & Orchestration
Advanced Analytics
Correlation & Enrichment
Security Analytics & Orchestration Apps
Threat Hunt Search | Exploration | Behavior Graph
Security Analytics Anomaly | Visualization | Dashboard
UEBA User & Entity Behavior Analytics
Advanced Correlation Actionable Insights | Out-of-box Rules
ML/AI Service Patterns | Outlier | Predictive SoC
Orchestration & Automation Ecosystems Integration | Playbooks | Response
Network Security Server Endpoint Apps Cloud Users IoT
IOC CA VM WAS WAF AI PC
Qualys Apps
Qualys Security Data Lake Platform Data Ingestion | Normalization | Enrichment | Governance
Qualys Quick Connectors
Characteristics of Data Lake
Collect Anything
Dive in Anywhere
Flexible Access
Future Proof
What is Security Data Lake?
Single data store (single source of truth)
Structured and unstructured data
Data is transformed, normalized, and enriched
Threat Intelligence feed integration, GeoIP etc.
Data has governance, semantic consistency, and access controls
Store-once / Process-once / Use-multiple
Apps, dashboards, data analytics
Cross product search, reporting, visualization
Machine learning, forensics, etc.
Simplified View
SECURITY LOGS FROM MULTIPLE SOURCES
CLOUD CONNECTORS
LOG CONNECTORS
DATA VALIDATION
DATA NORMALIZATION
DATA AGGREGATION
ML/AI MODELLING
DATA VISUALIZATION
RESTFUL API SERVICES
QUALYS SECURITY DATA LAKE PLATFORM
BEHAVIOR ANALYTICS
THREAT HUNTING
SECURITY ANALYTICS
ORCHESTRATION AUTOMATION
3RD PARTY INTEGRATION
AD/LDAP/HRMS
Secure Access Control
Agenda
What is Secure Access Control
Use-cases
Capabilities
Policy-based orchestration
Operationalizing Secure Access Control
Mockups
Use Cases
Block vulnerable assets from accessing critical network resources
Limit access (e.g. quarantine) of vulnerable assets
Grant access to resources only on a need basis. Block everything else
Automated asset attribute processing and enforcement without the need for manual action
Use Cases
Vulnerabilities – Quarantine assets if vulnerable
http://windowsupdate.microsoft.com http://*.windowsupdate.microsoft.com https://*.windowsupdate.microsoft.com http://*.update.microsoft.com https://*.update.microsoft.com http://*.windowsupdate.com http://download.windowsupdate.com http://download.microsoft.com http://*.download.windowsupdate.com http://test.stats.update.microsoft.com http://ntservicepack.microsoft.com
Local Data Center LDC-01
Remote Data Center RDC-01
DHCP Server
DNS Server
Employee Laptop
Vulnerability Found
Enterprise
Remote Office
Windows Update Servers
Active Directory
Quarantine
Use Cases
Asset Inventory – Access control using asset inventory attributes
Managed Assets
System Information Hardware
Operating System Services
Network Interfaces Open Ports
Software Inventory Software Lifecycle
Attributes
Unmanaged Assets
ACL
Block
Allow
Assign VLAN
Assign ACL
Quarantine
Use Cases
Compliance - Block assets which fail compliance
Managed Assets ACL
Block
Allow
Assign VLAN
Assign ACL
Quarantine
Compliance Controls Mandates
Control Policies
Malware Family
Category Score
Indications of Compromise
File Process Mutex
Network Registry Incidents
Threat Protection
Zero Day Public Exploit
Actively Attacked
High Lateral Movement
High Data Loss DoS
No Patch Exploit Kit
Easy Exploit
File Integrity Action Actor
Target Incidents
Policy-based Orchestration
6F:1A:5E:2B:4D:3C
Assets
Ruleset
6F:1A:5E:2B:4D:3C Server.company.com 10.16.154.20
ACL
Security Control
Action Options
Policy
Policy-based Orchestration
6F:1A:5E:2B:4D:3C
Source
Assets
Inbound Traffic
Ruleset
Destination Outbound Traffic
Deny
Allow
Deny
Allow
6F:1A:5E:2B:4D:3C Server.company.com 10.16.154.20
Access Control
Policy
Powerful Together
Best of Two Worlds
Out of Band
Switches
Reliable first hand data
Appliance enforces
Low latency for data collection & enforcement
Multiple enforcement options
Traffic volume agnostic
Unique Value Proposition
SAC offers both modes
In-Line
Appliance
Operationalizing Secure Access Control
Hardware Qualys Cloud App
Bare-metal Virtual
MOCK-UPS
How do I trigger SAC Policies from Qualys Cloud Apps?
How do I view and define policies?
How do I troubleshoot an asset?
Secure Access Control
Trigger 1
View & Define 2
Troubleshoot 3
Breach & Attack Simulation
Problems
Lack of confidence in the effectiveness of security controls
Limited assessment scope and capabilities
Red Team operations are expensive, not scalable, and not evaluated for completeness
Blue Teams are blind towards the impact of new exploits and attacks on their existing security controls
Breach & Attack Simulation
Automated simulation of real-world TTPs mapped to MITRE ATT&CK™ framework
Technical Approach
Automated simulation of real-world TTPs
Scale security assessments across the entire enterprise
Transition towards a defense strategy based on offensive techniques
Real-time insights mapped to MITRE ATT&CK™ framework
Continuously measure security control drift over time
Breach & Attack Simulation
Command-line interface to adversary agents running Qualys Cloud Agent
Breach & Attack Simulation
Use case: Credential Harvesting and Reuse
1. Uploading / running mimikatz
2. Extracting stored credentials
3. Lateral movements
Breach & Attack Simulation
Use case: Drupalgeddon2 (CVE-2018-7600)
1. Remote system discovery
2. Exploit vulnerability to control system
3. Laterally spread using ETERNALBLUE
QUALYS SECURITY CONFERENCE 2018
First Look Showcase
Merci, Grazie!
Marco Rottigni