Following in the footsteps of a cyber-criminal and uncovering their digital footprint. This is a journey inside the mind of an ethical hacker responding to a ransomware incident that brought a business to a full stop, and discovering the evidence left behind to uncover the attackers' path and the techniques used. Malicious attackers look for the cheapest, fastest, stealthiest way to achieve their goals. Windows endpoints provide many opportunities to gain entry to IT environments and access sensitive information. This session will show you the techniques the attackers used and how they went from zero to full domain admin compromise, which resulted in a nasty CryLock ransomware incident.
In this session I will cover a real-world incident response to the CryLock ransomware, showing the techniques used by the attackers, the footprints they left behind, and how those techniques were uncovered.
• How attackers gained access to the system
• How staging was established
• What tools were used
• What commands were executed
• How the ransomware was delivered
• How AD elevation was achieved