Examining DFIR Techniques to Optimize Incident Response for the PrintNightmare Attack and Cobalt Strike

Webinar Registration

It’s one thing to realize you have become the victim of a vulnerability-based attack. It’s entirely another thing to know this in a timely manner where you have insightful context empowering you to do something about it to both remediate the current threat actions and mitigate any further actions from taking place. Being able to quickly piece together digital artifacts left on file systems, within the Registry, in memory, or within system logs is an imperative part of any digital forensics and incident response (DFIR) effort.

Attacks like the recent PrintNightmare vulnerability – which included both remote code execution and elevation of privileges – involved not one, but three CVEs and related patches and affected millions of Windows desktop and server operating systems worldwide. Attacks using this vulnerability had the potential to provide threat actors with unfettered access to compromised systems, with tools like Cobalt Strike used for remote access and engaging in further threat actions.

So, how can you use DFIR techniques to use digital artifacts to identify attacks early and stop them from continuing?

In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat, and will first cover:

  • Common digital forensics capabilities, artifacts, and processes
  • How DFIR fits into your security strategy
  • A brief primer on PrintNightmare and Cobalt Strike

Nick will then be joined by Zach Paul and Eric Van Tyne, Senior IR Consultants from Rapid7, who will showcase the free open source DFIR solution, Velociraptor, demonstrating common DFIR techniques that will improve the efficiency and effectiveness of your forensics and response efforts.

Zach will first cover Velociraptor and walk through a PrintNightmare use case, identifying impacted systems using collected digital artifacts. Then Eric will use Velociraptor and walk through an attack involving Cobalt Strike. The goal is to demonstrate how you can use open source tools to successfully investigate and address attacks.

This real training for free event will be jam packed with technical detail and real-world application. Register today!

First Name:   
Last Name:   
Work Email:  
Job Title:  

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.



Additional Resources