SANS DFIR Summit 2022
Speaker: Korstiaan Stam
Subtitle: Automated digital forensic analysis on Google Workspace using MITRE ATT&CK Cloud Matrix Framework.
Abstract: The recent adoption of cloud-based office solutions has led to an increased effort on the part of threat actors to compromise these environments. As a result, digital forensic analysis of such environments has become a topic of research in and of itself. Despite its rapid growth and more than 5 million businesses as clients, research into forensic analysis approaches to Google Workspace is lacking.
In this talk I will showcase and release a brand new open-source tool that acquires Google Workspace audit logs and maps individual events to MITRE ATT&CK techniques. On top of that, the tool can automatically identify kill chains based on the audit logs. The presentation contains examples of threat actor techniques to demonstrate this. Finally, I'll share with the public a sample dataset of Google Workspace audit logs containing evidence related to attacks used by threat actors, to allow for further research into this topic.
View upcoming Summits: www.sans.org/u/DuS
Download the presentation slides (SANS account required) at www.sans.org/u...
Title: Detecting Malicious Actors in Google Workspace