Pivoting from Linux to Windows: Using Behavior to Detect Intrusions Involving Edge Devices

Webinar Registration

Any Internet-facing device, appliance, server, or VM is fair game as an initial attack vector to a cyber attacker. They are readily accessible remotely and offer security teams little visibility into whether they are secure, under attack, or compromised.

Additionally, those devices running on a Linux kernel can prove to be valuable assets to an attacker: A Linux device can be made a stealthy persistent foothold from which to pivot and begin attacks on your Windows infrastructure, it can be used to assist in exfiltration, and just because it’s been patched doesn’t mean it hasn’t already been exploited and continues to provide access via web shell. All this while your security team may be unaware these devices are still compromised.

Attackers choosing to pivot and focus on gaining access to your Windows environment, historically expose themselves to detection through indicators of compromise (IoC) on the network, as well as within the Windows OS, applications, and Active Directory. But with many attackers working to hide their tracks, how can organizations detect attacks and trace them back to edge devices?

In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat, discussing:

  • The value of stealth and persistence during an attack
  • Why the initial foothold matters
  • Why attackers are seeking out edge devices when phishing attacks prevail

Nick will be joined by Ted Samuels, Incident Response Consultant and Jeff Gardner, Practice Advisor, Detection and Response, both from Rapid7. Ted will cover a real-word intrusion example where an Internet-facing device using Linux was the initial attack vector and the attacker pivoted to Windows to complete the attack. Ted will cover:

  • How edge devices can be compromised
  • Why an attacker would want to live on a *nix device?
  • What actions are taken when pivoting to Windows

Jeff will discuss:

  • Which detection and response methodologies yield the fastest and most accurate remediation?
  • Why User and Entity Behavior Analytics and Attacker Behavior Analytics are important as part of both your detection and response strategy
  • Is there still a place for IoCs?

This real training for free event will be jam packed with technical detail and real-world application. Register today!

First Name:   
Last Name:   
Work Email:  
Job Title:  

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.



Additional Resources