S2E03: Behind the ATM Heist & Other Red Team Stories


State of the Hack

Technology


On this episode, we got right into a bunch of new in-the-wild activity. We discussed FIN6's shift to deploying enterprise ransomware, including their recent LOCKERGOGA campaigns. The recent DAYJOB/ShadowHammer supply chain compromises prompted some discussion around this trend and several hunting techniques. We covered our newly-released blog on the techniques that the attackers used to deliver the TRITON malware framework and how to hunt for them, as well as some background on our on-going response to that group at another critical infrastructure client. We wanted to learn more about attacker creativity and their mindset by inviting a real-life adversary onto our show: Alyssa Rahman (@ramen0x3f) from our Red Team. She walks us through a comprehensive red team case study at a financial client that includes compromising multi-factor systems, KeePass, and eventually ATMs. She chats about why our red team prefers phone-based social engineering, as well as our Mandiant Red Team's release of CommandoVM and ADFSDump/ADFSpoof.