
Most organizations run their IT infrastructure on virtual machines hosted by bare-metal hypervisors. Threat actors continue to target these hypervisors, sometimes to perform encryption at scale and other times to maintain covert persistence. Based on experience gained from investigating a variety of such attacks against organizations, this talk will detail the attack surface of some popular hypervisors such as VMware ESXi, how threat actors target them, how defenders can secure them, and how post-incident investigations can be performed. The focus of the talk is a practical investigation approach for hypervisor compromises, based on the logs available and the evidence created during common attack scenarios in which hypervisors are targeted.
SANS DFIR Summit 2023
Speakers:
Anurag Khanna, Manager – Incident Response & Consulting Services, CrowdStrike Services
Thirumalai Natarajan, Senior Manager, Mandiant Consulting/Google Cloud