CPE Cyber Attack Lab #2

Detecting and Investigating Insider Threats

Friday, April 16th | 9:00 am ET

Watch a disgruntled software engineer go rogue!


In a devious attempt to steal sensitive financial info, our insider finds a list of service accounts with admin privileges, performs a Kerberoasting attack to hijack a backup service's credentials, and sends a ZIP full of sensitive info to a personal Gmail account.


We'll show you how the attack is performed and what the corresponding alerts look like in Varonis.

+1 CPE


About this webinar:

See how Varonis uncovers indicators of compromise at every turn.

Here's an overview of the attack:

  • An insider was paid to exfiltrate sensitive organizational data

  • To cover his tracks, he takes control of a service account with elevated privileges

  • Using the service account, he scans company file shares for documents with certain keywords

  • Copies matching documents to his PC

  • Creates an encrypted ZIP file

  • He uses the service account to exfiltrate the ZIP file as an attachment to a personal Gmail account

Ian Levy, Security Analytics Manager, Varonis
Ian Levy is a Senior Security Analyst on the Incident Response and Security Architecture teams, where every day they help organizations detect and respond to cyber threats. Having worked in the retail sector and as a network-focused engineer for many years, Ian helps organizations proactively reduce their risk posture and aids in protecting mission-critical systems while safeguarding sensitive data. Ian graduated from Pennsylvania State University, where he majored in Information Sciences with a minor in Security and Risk Assessment.

“In terms of solutions, Varonis Edge was our MVP. Edge directed us to the computers with suspicious DNS requests, correlated them with specific users, and showed us the addresses we needed to block.” 
