A great twitter thread here for network defenders to have a look over.
https://t.co/ud34znBUwS Take a look at these 15 steps in the post-exploitation phase of the attack and figure out how you can detect more of this activity on your network. It’s not just the Ryuk ransomware threat - these are common tactics that defenders can turn into detections pic.twitter.com/MC4WH7e9WW
— Randy Pargman (@rpargman) November 8, 2020
and to follow up some advise here;
I recommend to look at this adversary emulation plan of FIN6 and see how your coverage is. It's easy to conduct and doesn't cost you anything at all. https://t.co/r6LEjpvREB
— Huy (@DebugPrivilege) November 9, 2020
center-for-threat-informed-defense/adversary_emulation_library
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs. - center-for-threat-informed-defense/adversary_emulation_library
center-for-threat-informed-defense