Recent updates
-
Carbon Black Cloud Workload Plug-in
The following section details the basics of accessing and using the Carbon Black Cloud Workload Plug-in in vSphere. The Carbon Black Cloud Workload Plug-in for vSphere integrates Carbon Black security capabilities directly into the vSphere Client.
Edited for Discovery (Pathfinder) TDX-2436-03-SEC Section 3: Walkthrough of vSphere with the Carbon Black Cloud Workload Plug-in
-
Access the Carbon Black Cloud Desktop
Your environment is currently being set up. To log in to the vSphere environment, perform the following steps.
Edited for Discovery (Pathfinder) TDX-2436-03-SEC Section 1: Accessing the TestDrive Experience
-
Execute and Exfiltrate
One of the biggest concerns we see in the security space is ransomware, and for good reason: this type of attack is both costly and destructive. Ransomware such as RYUK and Conti will attempt to spread across the network and encrypt or destroy data for maximum impact. In recent years ransomware has shown a drastic increase in both how common it is and the level of destruction on users' systems. This stage is often detrimental.
Edited for Discovery (Pathfinder) TDX-2436-02-SEC Section 6: Ransomware - Execute and Exfiltrate
-
Maintain and Manipulate
After achieving initial access, attackers attempt to move forward with their goals. One of the best ways of doing that is scraping credentials or abusing other existing binaries in the environment – like PowerShell. A trusted program like PowerShell is not blocked by traditional signature-based AV. It is commonly used across Windows environments for legitimate purposes – but attackers can leverage it for malicious intent as well.
Edited for Discovery (Pathfinder) TDX-2436-02-SEC Section 5: Non-Malware/Trusted Tools - Maintain and Manipulate
-
Infiltrate
Spearphishing is a common technique to infiltrate and gain initial access to an environment. Much of the data attackers use to make an email seem legitimate is available online – and even posted by companies themselves. Public information such as employees, current projects, organizational charts, and so forth can be used to make a message appear legitimate to even discerning employees.
Edited for Discovery (Pathfinder) TDX-2436-02-SEC Section 4: Spearphishing/Known Malware - Infiltrate
-
Carbon Black Cloud
The following section details the basics of accessing and using the Carbon Black Cloud. If you are familiar with the Carbon Black Cloud, you may skip the informational Section 1. For a more in-depth walkthrough of the Carbon Black Cloud, please see the “Endpoint Standard Hands-On Lab” located here: https://labs.hol.vmware.com/HOL/catalogs/lab/10096
Edited for Discovery (Pathfinder) TDX-2436-02-SEC Section 2: Walkthrough of the Carbon Black Cloud
-
Access the Carbon Black Malware Desktop
To log in to the environment, perform the following steps.
Edited for Discovery (Pathfinder) TDX-2436-02-SEC Section 1: Accessing the Environment
-
File Integrity Control / Monitoring Overview
This activity will create custom rules specific to FIM/FIC. For more information on custom rules, see the earlier section (Custom Rules).
Edited for Discovery (Pathfinder) TDX-2436-01-SEC App Control Lab Activities - File Integrity Control / Monitoring
-
Rule Discovery Overview
This activity will cover a variety of rules and approval methods that App Control offers. For more information on approvals, see the earlier section (App Control Rules and Approvals).
Edited for Discovery (Pathfinder) TDX-2436-01-SEC App Control Lab Activities - Rule Discovery
-
Enforcement Level Activity Overview
This activity will cover Enforcement Levels and how the assigned level affects running unapproved applications. For background on Enforcement Levels, see the earlier section (App Control Enforcement Levels).
Edited for Discovery (Pathfinder) TDX-2436-01-SEC App Control Lab Activities - Enforcement Level Activity