Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Learn how BlackBasta ransomware operators exploit social engineering tactics to gain initial access to organizational networks in this 29-minute conference talk from the SANS Ransomware Summit 2025. Discover the sophisticated methods these threat actors employ, including email bombing campaigns and Microsoft Teams-based impersonation techniques designed to manipulate victims into launching remote management tools. Explore the complete attack chain as presenters Partha Alwar and Kelsey Ward-Van Nostrand from Stroz Friedberg detail how attackers deploy credential theft websites, exploit Microsoft 365 session replay vulnerabilities, abuse Active Directory Certificate Services (ESC1), and systematically disable security tools once they establish a foothold. Gain insights into detection opportunities and practical mitigation strategies based on real-world incident response investigations, equipping yourself with knowledge to defend against these evolving social engineering-based ransomware attacks targeting modern workplace collaboration platforms.
