How STORM-2603 is Using DFIR Tools for Evil

Red Canary via YouTube

Overview

Explore how the STORM-2603 threat actor exploits legitimate DFIR (Digital Forensics and Incident Response) tools for malicious purposes in this 32-minute cybersecurity webinar. Dive deep into ransomware operations potentially linked to Chinese-affiliated threat actors, examining their use of multiple ransomware variants including Warlock and LockBit to demonstrate tactical versatility. Learn from guest speaker Phil Hagen about effective detection strategies and the critical challenges of converting threat intelligence reports into actionable security measures. Discover how legitimate tools like Velociraptor are being weaponized in attacks and understand the essential techniques for monitoring and distinguishing between legitimate and malicious tool usage. Master the importance of establishing network activity baselines and implementing rapid incident response protocols during ransomware incidents. Gain insights into the latest cybersecurity developments including OpenAI's Aardvark introduction and the release of the Atomic Red Team MCP server, while developing practical skills for threat hunting, threat intelligence analysis, and managed detection and response operations.

Syllabus

00:00 - 00:49: Intro
00:50 - 02:01: Welcome to Red Canary Office Hours
02:02 - 06:24: In the news: OpenAI introduces Aardvark
06:25 - 11:07: In the news: Atomic Red Team MCP server released
11:08 - 31:49: The hidden tunnels of STORM-2603's ransomware ops

Taught by

Red Canary
