Defending against Ryuk Gary - 10 Nov 2020 A great twitter thread here for network defenders to have a look over.https://t.co/ud34znBUwS Take a look at these 15 steps in the post-exploitation phase of the attack and figure out how you can detect more of this activity on your network. It’s not just the Ryuk ransomware threat - these are common tactics that defenders can turn into detections pic.twitter.com/MC4WH7e9WW— Randy Pargman (@rpargman) November 8, 2020 and to follow up some advise here;I recommend to look at this adversary emulation plan of FIN6 and see how your coverage is. It's easy to conduct and doesn't cost you anything at all. https://t.co/r6LEjpvREB— Huy (@DebugPrivilege) November 9, 2020 center-for-threat-informed-defense/adversary_emulation_libraryAn open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs. - center-for-threat-informed-defense/adversary_emulation_libraryGitHubcenter-for-threat-informed-defense