accent 1 accent 2
CPE Cyber Attack Lab #1

Malware, C&C, and DNS Exfiltration

Wed, May 12 | 10:00 am ET

What's behind those malicious Word macros that users just love to enable?

Watch our IR team convince a user to open an infected document, giving us a reverse shell. We'll use that connection to recon the network, run a pass-the-hash attack, and sneak some top-secret data out via DNS tunneling.

Then learn, step-by-step, how you can use Varonis to run a fast and conclusive investigation—without wasting hours stitching logs or running reports.

If you would like ISC2 CPE credits for attending, please make sure to submit your ISC2 member number in the form.

+1 CPE

Register Now

About this webinar

Here’s an outline of how the attack works:

  • We trick a user into entering creds into our fake O365 login page (made with evilginx)
  • We make Microsoft send a passcode to the user’s phone
  • User enters their passcode on OUR fake page
  • We hijack the user’s session token
  • Gain access to SharePoint Online environment
  • Exfiltrate data from O365
  • Pivot to on-prem and steal CEO’s emails (because why not?)
Ian McIntyre-1
Ian McIntyre Senior Security Analyst, Varonis

Ian McIntyre is a Security Analytics Manager on the Security Architecture and Incident Response team at Varonis. In his position at Varonis, Ian helps customers understand and implement the full scope of Varonis’ detection and alerting capabilities, as well as assisting customers through cybersecurity investigations. Specific areas of interest include training SOC teams on how to analyze and triage Varonis alerts, and building full activity timelines of suspected insider threats.


Infrastructure Manager, US Federal Credit Union

Want to see Varonis in action?