Defending in a hostile environment: Key findings from the BlackHat NOC
Key points
- The Black Hat network is more distinctive and complex than a standard enterprise network because of the number and diversity of devices connected to it, the many trainings and labs that run on it, and the short, intense duration of the event itself.
- Over the course of the conference, our IronDefense NDR solution generated 31 malicious alerts and 45 suspicious alerts, detecting both real malware activity and simulated attack tactics from classes and demos.
- More specifically, IronNet hunters uncovered several active malware infections on the Black Hat network, including Shlayer malware, North Korean-attributed SHARPEXT malware, and NetSupport RAT malware.
Our second year of defending the Black Hat Network Operations Center (NOC) is now in the books. It gave us another opportunity to use our network detection capabilities to protect a one-of-a-kind network.
Our NOC threat hunters – Peter Rydzynski, Austin Tippett, Blake Cahen, Michael Leardi, Keith Li, and Jeremy Miller – worked tirelessly throughout …
IoCs
135.84.124.41
156.154.113.16
198.54.126.155
199.188.200.186
23.63.71.26
http://api.commondevice.com
http://download.commondevice.com
http://downloads.commondevice.com
http://fakeurl.htm
http://gonamod.com
http://radoinvest.com
http://siekis.com
http://worldinfocontact.club
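An indicator list is only useful once it is checked against traffic. The script below is an added example, not IronNet's code or tooling: it normalizes the IPs and URLs published above into an IP set and a lowercase hostname set, then scans log lines for them, matching hostnames by exact name or parent domain rather than by substring. The proxy and DNS log lines and the 10.x client addresses are constructed for the example; the entry `fakeurl.htm` is kept exactly as the page lists it.

```python
"""Scan proxy/DNS log lines for the IoCs published on the page (added example)."""
import ipaddress
import re
from urllib.parse import urlsplit

# The IoC list as published on the page; hostnames are extracted from the URLs.
IOCS_RAW = [
    "135.84.124.41", "156.154.113.16", "198.54.126.155", "199.188.200.186", "23.63.71.26",
    "http://api.commondevice.com", "http://download.commondevice.com",
    "http://downloads.commondevice.com", "http://fakeurl.htm", "http://gonamod.com",
    "http://radoinvest.com", "http://siekis.com", "http://worldinfocontact.club",
]


def normalize_iocs(raw):
    """Split indicators into a set of IP strings and a set of lowercase hostnames."""
    ips, hosts = set(), set()
    for item in raw:
        item = item.strip()
        try:
            ips.add(str(ipaddress.ip_address(item)))
            continue
        except ValueError:
            pass  # not an IP; treat as URL or bare hostname
        host = urlsplit(item).hostname if "://" in item else item
        if host:
            hosts.add(host.lower().rstrip("."))
    return ips, hosts


def host_matches(host, hosts):
    """Return the indicator a hostname matches exactly or as a parent domain, else None.

    cdn.gonamod.com matches gonamod.com; notgonamod.com does not (no substring matching).
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in hosts:
            return candidate
    return None


# Constructed sample log lines (not from the page): Squid-style proxy entries and a DNS query.
SAMPLE_LOGS = [
    "1690000000.123 10.1.2.3 TCP_MISS/200 GET http://download.commondevice.com/update.bin",
    "1690000001.456 10.1.2.4 TCP_MISS/200 GET https://www.example.com/",
    "1690000002.789 10.1.2.5 dns query A cdn.gonamod.com.",
    "1690000003.000 10.1.2.6 TCP_TUNNEL/200 CONNECT 198.54.126.155:443",
    "1690000004.000 10.1.2.7 TCP_MISS/200 GET http://notgonamod.com/",
]

# Pull host-like tokens (optional scheme, optional port) out of a free-form log line.
LOG_TOKEN = re.compile(r"(?:https?://)?([A-Za-z0-9.-]+)(?::\d+)?")


def scan_logs(lines, raw_iocs=IOCS_RAW):
    """Return (line_index, matched_indicator) pairs for lines touching an IoC IP or domain."""
    ips, hosts = normalize_iocs(raw_iocs)
    hits = []
    for idx, line in enumerate(lines):
        for token in LOG_TOKEN.findall(line):
            try:
                if str(ipaddress.ip_address(token)) in ips:
                    hits.append((idx, token))
                continue  # a well-formed IP is never also a hostname
            except ValueError:
                pass  # timestamps and numeric fragments land here and are not hostnames
            if any(c.isalpha() for c in token):
                matched = host_matches(token, hosts)
                if matched:
                    hits.append((idx, matched))
    return hits


if __name__ == "__main__":
    for idx, indicator in scan_logs(SAMPLE_LOGS):
        print(f"hit: {indicator} <- {SAMPLE_LOGS[idx]}")
```

The parent-domain rule is deliberate: a plain substring search would flag `notgonamod.com` and miss nothing useful, while subdomains such as `cdn.gonamod.com` are exactly what a matcher on `gonamod.com` should catch. Any hit still needs triage; on a conference network, traffic to a listed indicator may come from a training lab rather than a live infection.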