accent 1 accent 2
CPE Cyber Attack Lab #2 Replay

Detecting and Investigating Insider Threats


Watch a disgruntled software engineer go rogue!

In a devious attempt to steal sensitive financial info, our insider finds a list of service accounts with admin privileges, performs a Kerberoasting attack to hijack a backup service's credentials, and sends a ZIP full of sensitive info to a personal Gmail account. 

+1 CPE

Watch Now

About this webinar

We'll show you how the attack is performed and what the corresponding alerts look like in Varonis.

See how Varonis uncovers indicators of compromise at every turn.
  • An insider was paid to exfiltrate sensitive organizational data
  • To cover his tracks, he takes control of a service account with elevated privileges
  • Using the service account, he scans company file shares for documents with certain keywords
  • Copies matching documents to his PC
  • Creates an encrypted ZIP file
  • He uses the service account to exfiltrate the ZIP file as an attachment to a personal Gmail account
Raphael Kelly 3
Raphael Kelly Security Analyst Team Lead, Varonis

Raphael Kelly, GCIH is a Team Lead for the Incident Response and Security Architecture team at Varonis. Raphael has an consulting and automation background with experience in IT infrastructure, Incident Response, and Data Protection. Varonis’ team of security professionals provide complementary Incident Response services to all existing customers. In addition, they work with customers to operationalize the Varonis Data Security Platform and integrate Varonis into the security ecosystem.

“The level of governance and insight provided by Varonis empowered our team to detect and respond to abnormalities as well as user activity and misconfigurations.”

Al Faella, CTO, Prospect Capital Management

Want to see Varonis in action?

Request a demo