Hack Red Con 2024
-
End the Burnout - 3 things your CISO wishes you knew.
Mark Thacker
-
Doors, Cameras, and Mantraps: Oh, my!
Dylan "The Magician" Baklor
-
Registration Opens
Oct. 25
-
Opening Ceremony
Oct. 25
-
Keynote Round Table - Ed Skoudis, Dave Kennedy, Ken Nevers, Amanda Berlin
Oct. 25
-
Intro to Infrastructure Automation for Offensive Security
Alex Martirosyan
Oct. 25
-
Securing Derby 150
Jason Payton
Oct. 25
-
Creating Intelligence From Malware Samples
Jon "Wally" Prather and Jeff Smeal
Oct. 25
-
CISO Roundtable
Oct. 25
-
Tough Adversary? Don’t Blame Sun Tzu
Dr. Gregory Carpenter
Oct. 25
Jonathan Rogers is a lifelong nerd with a never-ending curiosity and a passion to know how things work. He loves helping others learn more about cybersecurity and helping them secure their companies. He's the father to an amazing wife and awesome son. In his day job he works as a cybersecurity engineer helping secure his organization.
In 2022 the most popular C2 used by threat actors was Cobalt Strike; so far in 2024 the most popular C2 has been remote monitoring and management tools (RMM). I’m looking at you, ConnectWise!! Now while I say this tongue in cheek, there is some truth in that statement. RMMs are tools that are used by IT teams to administer and keep tabs on machines no matter where they are in the world. These tools are helpful and, in some cases, vital for IT teams to manage company systems. The issue is that because these tools have control over every or most machines in an organization, they are powerful and useful but also dangerous.
Since they are so powerful, RMMs are stress relieving for IT teams but stress inducing (at ulcer and stroke levels) for cybersecurity teams. As Uncle Ben told young Peter Parker, “With great power comes great responsibility.” RMMs have the power, and as security professionals we have the responsibility of securing them. How the heck do we do that, though?
Let’s not wallow in despair about these tools but instead let’s take a journey together as we work to secure our RMMs. We’ll talk about monitoring our monitoring system, monitoring for illegitimate RMMs in our network, what we can do to secure them, and what to do if our RMM is fed after midnight (compromised) and goes on a rampage. Join me, friends, as we work to secure our RMMs.