Join our IR team for a play-by-play of a live attack simulation and investigation of a rogue insider threat using DatAlert’s new DFIR capabilities.
During this training session, our security analysts will execute a new attack scenario in our lab.
Here’s the scenario:
- An insider was paid to exfiltrate sensitive organizational data
- To remain uncovered, he takes control on a service account
- Using the service account, he scans company filers for documents with indicating keywords
- Copies matching documents to his PC
- Creates an encrypted ZIP file
- To remain uncovered, he uses the service account to upload the ZIP file to an external Gmail account