DETECTING INITIAL ACCESS MALWARE BEFORE IT'S TOO LATE
Hiren Sadhwani | 30th May 2025
SANS Ransomware Summit 2025

Whoami
- Working as Cyber Threat Hunter, Inspira Enterprise
- Ex-Forescout and PwC
- Occasionally blogs on Medium
- Previous speaker at SANS Blue Team Summit 2023 and various other local infosec chapters
- Connect with me on: hir3n_s, /in/hiren-sadhwani/

- What is initial access malware and why it matters
- Common initial access vectors and types
- Initial Access Brokers (IABs)
- Threat Hunting Malware
- Conclusion

Initial Access Malware
Initial access malware is malicious software designed to gain a foothold in a target system or network, often serving as the entry point for further attacks like data theft, lateral movement, or ransomware deployment.

Why it matters
All attacks start by gaining an initial foothold in the target environment. Most often, this occurs by tricking employees into downloading malware onto their machines or by compromising third-party vendor accounts with access to your network or cloud resources.

Some common initial access vectors
Traditional Methods
- Phishing (T1566)
- Drive-by Downloads (T1189)
- Malicious Advertisements (Malvertising)
- Exposed Remote Desktop Protocol (RDP) (T1133)
- Exploiting Public-Facing Applications (T1190)
New Emerging Methods
- ClickFix Attacks / Fake CAPTCHA Bypasses / Paste & Run
- Email Bombing - MS Teams Impersonation
- Supply Chain Attacks
- QR Code Phishing (Quishing)
- Search Engine Optimization (SEO) Poisoning

Types of Initial Access Malware
- Infostealers (e.g., Lumma, RedLine, Vidar): steal credentials, cookies, and session tokens to bypass authentication. Example: fake browser updates dropping Lumma Stealer.
- Droppers/Downloaders (e.g., BazarLoader, QakBot): disguised as legitimate files (PDFs, Word docs) to fetch additional malware.
- Exploits (e.g., ProxyLogon, Log4Shell)
- RATs (Remote Access Trojans, e.g., AsyncRAT