Gaining access to privileged accounts and sessions is very often a key element of a successful cyberattack. Administrative privileges are used by attackers to gain control over the target environment and make it possible to execute the next phase of the attack regardless of if the endgame is a supply chain, ransomware, or exfiltration of information.
This session will address key weaknesses that threat actors often use to compromise systems as well as recommendations and priorities that are based primarily on knowledge and insights acquired while responding to actual incidents, conducting forensic investigations post-attack with the Truesec Incident Response Team, and preventing and mitigating cyber breaches in the Truesec Security Operations Centre.