Non-Malware Attacks: How to Speed Up Your SOC by detecting and responding to “File-less” attacks on Endpoints

5/25/2017 12:00:00 PM [(UTC-05:00) Eastern Time (US & Canada)] - Can't make the live event? Register anyway to receive a link to the recording.


Webinar Registration

Non-malware, file-less attacks, living-off-the-land.

Attackers are learning how to fly beneath the radar by doing their work strictly in memory and staying off the file system as much as possible. In fact, in a recent study, 64% of 410 security researchers report an increase in non-malware attacks since the beginning of 2016.

You still need to look for unrecognized EXEs, DLLs, scripts and so on, but nowadays that will only catch lower-skilled attackers. Actually, for that matter, it doesn't require a highly skilled attacker to use non-malware techniques; there are already shrink-wrapped, commodity hacker tools out there that make it easy for non-systems programmers to exploit non-malware techniques.

Take the white-hat tool PowerShell Empire, for instance. It gives the attacker all the power of PowerShell (pun intended) without persisting scripts, much less EXEs, to disk. PowerShell allows you to use .NET, which in turn allows you to do pretty much anything that a custom-written Windows EXE can do. The attacker starts with something small, like a Word document containing a macro that starts PowerShell in the memory of Word, never even launching PowerShell.exe.

Combatting the current state of the art in cybercrime isn't just about detection technology. We, the security analysts and SOC managers, need to get faster and more effective at detecting and resolving these incidents to keep up. In the past we've been able to focus largely on the file system. That mindset is rooted in the days of simple viruses that relied on files with static byte patterns, otherwise known as signatures.

Today, it's all about the much more dynamic, ephemeral world of processes and memory. Which programs are running other programs? Does that make sense? Why are the bits of a PowerShell DLL showing up in memory allocated to Microsoft Word? Why is Word opening an outbound WMI connection to our database server?
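The three questions above can be written as triage rules over endpoint telemetry. The following is an added example, not material from the webinar or from Carbon Black: the event fields, hosts and paths are constructed and only modelled on Sysmon event types, and port 135 is used as an assumed indicator of remote WMI over DCOM/RPC.

```python
import ntpath

# Constructed, simplified events modelled on Sysmon event types
# (1 = process create, 7 = image load, 3 = network connection). Not real logs.
WORD = "C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE"
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
EXPLORER = "C:\\Windows\\explorer.exe"
EVENTS = [
    {"id": 1, "host": "ws-014", "parent": EXPLORER, "image": WORD},
    {"id": 7, "host": "ws-014", "image": WORD,
     "loaded": "C:\\Program Files\\Microsoft Office\\Office16\\mso.dll"},
    {"id": 7, "host": "ws-014", "image": WORD,
     "loaded": "C:\\Windows\\assembly\\System.Management.Automation.ni.dll"},
    {"id": 3, "host": "ws-014", "image": WORD, "dst": "10.0.5.20", "dport": 135},
    {"id": 1, "host": "ws-022", "parent": WORD, "image": PS},
    {"id": 1, "host": "ws-031", "parent": EXPLORER, "image": PS},  # interactive admin use
]

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
PS_ENGINE = "system.management.automation"  # PowerShell engine assembly
RPC_PORT = 135  # assumption: RPC endpoint mapper, used by remote WMI over DCOM


def base(path):
    """Lower-cased file name of a Windows path, regardless of the host OS."""
    return ntpath.basename(path).lower()


def triage(events):
    """Return (host, rule, detail) for Office processes that act like script hosts."""
    findings = []
    for e in events:
        office = base(e["image"]) in OFFICE
        if e["id"] == 1 and base(e["parent"]) in OFFICE and base(e["image"]) in INTERPRETERS:
            # Which programs are running other programs?
            findings.append((e["host"], "office-spawned-interpreter", base(e["image"])))
        elif e["id"] == 7 and office and PS_ENGINE in base(e["loaded"]):
            # PowerShell engine mapped into Word: no powershell.exe ever starts.
            findings.append((e["host"], "powershell-engine-in-office", base(e["loaded"])))
        elif e["id"] == 3 and office and e["dport"] == RPC_PORT:
            # Word talking RPC to another host.
            findings.append((e["host"], "office-outbound-rpc", e["dst"]))
    return findings


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

Host ws-014 never starts powershell.exe, so a rule keyed only on process creation misses it; the image-load and network rules are what surface it.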

But it's not limited to technical exploits. Organizations are reporting attackers becoming more adept at social engineering that targets not just end-users but also IT and even infosec staff. Similarly, attackers who have gained a foothold inside an organization’s network target end-users while impersonating HR and, again, even infosec staff when emailing other users.

In this upcoming real-training-for-free ™ webinar we will drill down into non-malware attacks and discuss what it takes to become a high-speed SOC that can quickly detect and respond to these attacks. Technology is a critical component, but we'll also look at the softer yet equally critical side of skills and processes. Joining me for the discussion are folks from Carbon Black who have been investigating non-malware attacks since they began.

Some of the technical issues we’ll address:

  • WMI-based attacks
  • In-memory techniques
  • PowerShell attacks (both PowerShell.exe and more sophisticated DLL only attacks)
  • Office macros

Carbon Black is sponsoring this real training for free ™ session and I’ll be joined by some of the very smart folks there who are constantly researching current attacks.

Anti-virus obviously doesn't address these attacks, which are invisible to the file system, and artificial intelligence is still a nascent technology at best. Join us for this in-depth discussion of how non-malware attacks work and how to streamline your SOC to deal with them.

 

Your information will be shared with the sponsor.


 

 
