Sophos X-Ops
Joined 8 Dec 2022
Sophos X-Ops brings together deep expertise across the attack environment to defend against even the most advanced threats.
Sophos MDR ThreatCast November 2024
Sophos MDR ThreatCast is our Managed Detection and Response team's live, monthly threat intelligence briefing where veteran intelligence analysts, threat hunters, and threat researchers disseminate our latest observations and insights into active campaigns, notable vulnerabilities, ransomware and malware, and threat actor behaviors from across the threat landscape.
Views: 79
Videos
Sophos MDR ThreatCast October 2024
Views: 129, a month ago
Sophos MDR ThreatCast September 2024
Views: 299, 2 months ago
Sophos MDR ThreatCast August 2024
Views: 175, 3 months ago
Mad Liberator and the AnyDesk gambit
Views: 172, 3 months ago
Lee Kirkpatrick of Sophos X-Ops' Incident Response team demonstrates how attackers from the Mad Liberator ransomware gang used AnyDesk to move on the network and, ultimately, exfiltrate data. For more information and links to the resources mentioned in the series, please see the companion blog post: news.sophos.com/en-us/2024/08/13/dont-get-mad-get-wise/. 00:00 Introduction 01:40 Connecting 01...
RDP: Executing the 4624 4625 Login Query
Views: 412, 9 months ago
Lee Kirkpatrick of Sophos X-Ops' Incident Response team demonstrates and discusses what defenders can learn from queries looking at 4624 and 4625 login events. For more information and links to the resources mentioned in the series, please see the companion blog post: news.sophos.com/en-us/2024/03/20/remote-desktop-protocol-executing-the-4624_4625-login-query/ 00:00 Introduction 00:18 Looking a...
RDP: Executing the External RDP Logins Query
Views: 359, 9 months ago
Lee Kirkpatrick of Sophos X-Ops' Incident Response team shows how to create and execute the RDP Logins from External IPs query, a useful resource for understanding who's connecting to your network from outside. For more information and links to the resources mentioned in the series, please see the companion blog post: news.sophos.com/en-us/2024/03/20/remote-desktop-protocol-executing-the-extern...
RDP Time Zone Bias
Views: 363, 9 months ago
Lee Kirkpatrick of Sophos X-Ops' Incident Response team shows us a lesser-known but very useful event captured in the Windows Remote Desktop Services RDP Core TS Operational log. For more information and links to the resources mentioned in the series, please see the companion blog post: news.sophos.com/en-us/2024/03/20/remote-desktop-protocol-how-to-use-time-zone-bias/ 00:00 Introduction 00:56 ...
RDP: Queries for Investigations
Views: 501, 9 months ago
Sophos X-Ops looks at several queries that reveal much to investigators about questionable login activities. For more information and links to the resources mentioned in the series, please see the companion blog post: news.sophos.com/en-us/2024/03/20/remote-desktop-protocol-queries-for-investigation/ 00:00 Introduction 00:33 Logins.01.2 - 21-40 local session logins events.sql 00:52 Logins.01.0 ...
Remote Desktop Protocol: Exposed RDP (is dangerous)
Views: 903, 9 months ago
Is it really so bad to leave a server with Remote Desktop Protocol (RDP) exposed to the internet? If you know you know; if you don't, watch this video (and then forward it to whoever needs to hear this today). news.sophos.com/en-us/2024/03/20/remote-desktop-protocol-exposed-rdp-is-dangerous/ 00:00 Introduction 00:13 Is it really that bad? (By the numbers) 00:45 Tragically popular usernames 01:4...
Remote Desktop Protocol: Introduction
Views: 980, 9 months ago
An introduction to the Sophos X-Ops RDP playlist. Does the widely used protocol build a bridge to productivity or open the gates to ransomware? For more information and links to the resources mentioned in the series, please see the companion blog post: news.sophos.com/en-us/2024/03/20/remote-desktop-protocol-the-series/ 00:00 Introduction 00:11 RDP: An overview 00:47 A bridge or an open gate? 01:5...
Playing Defense: LLMs, Security, and Benchmarking
Views: 380, 9 months ago
SophosAI data scientist Salma Taoufiq summarizes the team’s recent research efforts on benchmarking the capabilities of large language models (LLMs) for defensive cybersecurity use cases. For more information or to comment, please visit the companion blog post: news.sophos.com/en-us/2024/03/18/benchmarking-the-security-capabilities-of-large-language-models/ 00:00 Introduction 00:54 Proposed tes...
Remote Ransomware vs Sophos CryptoGuard
Views: 1.4K, a year ago
As part of our technical thought leadership series, Sophos X-Ops takes a detailed look at anti-ransomware techniques. For this video, we asked Mark Loman, the guiding force behind CryptoGuard, to explain how the technology under the hood operates. For more information, please see the companion blog post: news.sophos.com/en-us/2023/12/20/cryptoguard-an-asymmetric-approach-to-the-ransomware-battl...
Building Better Scams with AI
Views: 942, a year ago
Sophos X-Ops' Ben Gelman sees generative AI as a significant component in the next generation of online scams. Here, he walks us through just how easy it was to bring "Elegant Gems" into online existence and why that matters. For more information, please see the blog post news.sophos.com/en-us/2023/11/27/the-dark-side-of-ai-large-scale-scam-campaigns-made-possible-by-generative-ai/ 00:00 Introd...
Sophos X-Ops Incident Response: Identifying Group Policy Attacks
Views: 493, a year ago
The Sophos X-Ops Incident Response Team discusses Group Policy attacks, basing the threat hunt on a ransomware investigation undertaken by the Sophos X-Ops Incident Response team earlier this year. We will cover malicious behaviors associated with Active Directory and Group Policy attacks, showing you how to investigate and remediate some of these threats. For more information or to comment, ple...
Sophos X-Ops Incident Response: How To Investigate Rclone Data Exfiltration
Views: 694, a year ago