Incident Response & Remediation @Google | @Mandiant, Supporting Customers in Responding to Security breaches and transforming their security posture

Joined February 2021
Thirumalai Natarajan retweeted
Thirumalai Natarajan (@th1rum), Senior Manager of Incident Response & Remediation at Mandiant (part of Google Cloud), took the stage at #BlueHatIndia to dive into bare metal hypervisors, an increasingly attractive target for threat actors. In his session, he shared insights on:
• Tactics, techniques, and procedures (TTPs) used to target hypervisors
• Investigating malicious activity in virtualized environments
• Rapid remediation strategies
• Defending the hypervisor layer against advanced threats
Thirumalai Natarajan retweeted
We’re excited to welcome Thirumalai Natarajan (@th1rum), Senior Manager of Incident Response & Remediation at Mandiant (part of Google Cloud), to the BlueHat India stage. In his session, “Incident Response in Virtual Infrastructure: Combating APT and eCrime Threats,” Thirumalai will explore how hypervisors—key to virtual infrastructure—are becoming prime targets for sophisticated eCrime groups and nation-state actors due to their low visibility and lack of traditional endpoint protections. This talk will offer a practical approach to incident response in virtualized environments, with a focus on analyzing logs, memory artifacts, and flat files. #BlueHatIndia
Thirumalai Natarajan retweeted
📺 SANS #DFIRSummit Talks are live! 🗣 Featured Experts: Anurag Khanna (@khannaanurag) & Thirumalai Natarajan (@Th1ruM) 👏 Defending and Investigating Hypervisors ➡️ Watch Now: youtu.be/lJwc_UgzbO4
Thirumalai Natarajan retweeted
.@khannaanurag & @Th1ruM discuss an investigation approach and evidence created during common attack scenarios when hypervisors are targeted. Listen here: sans.org/u/1pkc #DFIR #IR #IncidentResponse #DFIRSummit
Thirumalai Natarajan retweeted
Join us at #DFIRSummit when @khannaanurag & @Th1ruM will discuss an investigation approach and evidence created during common attack scenarios when hypervisors are targeted. Register here: sans.org/u/1pkc #DFIR #IR #IncidentResponse
Thirumalai Natarajan retweeted
19 Dec 2022
#RSAC Podcast guests @khannaanurag and @Th1ruM share their learnings and thoughts on the #ransomware attack life cycle, practical security controls and enforcement measures to defend against and limit the impact of ransomware attacks. Tune in now! spr.ly/60103JEPE
Thirumalai Natarajan retweeted
📺 SANS #DFIRSummit Talks are live! 🗣 Featured Experts: Thirumalai Natarajan Muthiah & @khannaanurag 👏 Presentation: Threat Hunting in Microsoft 365 Environment ➡️ Watch Now: youtu.be/2A0faMIEp00
Looking forward to speaking at SANS DFIR Summit this year on the topic "Threat Hunting in Microsoft 365 Environment". We will talk through ways blue teams can hunt for some of the novel and sophisticated attack techniques that threat actors use to target Microsoft 365 environments.
14 Jun 2022
#DFIRSummit speakers @khannaanurag and @Th1ruM will talk through ways of how blue teams can hunt for some of the techniques that threat actors use to target M365! Register to attend the #threathunting track (available only in Austin, TX): sans.org/u/1kLd
Thirumalai Natarajan retweeted
The #MTrends 2022 report is here! Download your copy today to get our insights from the frontlines of #cybersecurity mndt.info/36pf8CN
Thirumalai Natarajan retweeted
In light of the crisis in Ukraine, Mandiant is preparing for Russian actors to carry out aggressive cyber activity against customers & the community. Read our whitepaper for guidance on how to protect against these sorts of destructive cyber attacks. ➡️ mndt.info/3nuheY2
Thirumalai Natarajan retweeted
In their #ThreatHuntingSummit, @Th1ruM & @khannaanurag share methods used by attackers to maintain persistence, covertly elevate privilege at will, and maintain and exert control over systems managed by #ActiveDirectory. youtu.be/xeCCYmE4bZM
Thirumalai Natarajan retweeted
🚨NEW VIDEO ON YOUTUBE! 🚨 In their #ThreatHuntingSummit, @Th1ruM & @khannaanurag share methods used by attackers to maintain persistence, covertly elevate privilege at will, and maintain and exert control over systems managed by #ActiveDirectory. youtu.be/xeCCYmE4bZM
Thirumalai Natarajan retweeted
Our #vblocalhost white paper is now shared on the VBlocalhost website; there is also a presentation in the live Day2 channel track. We talk about Attacker TTPs and Hunting in Hybrid Active Directory. vblocalhost.com/uploads/VB20…

Thirumalai Natarajan retweeted
I always love speaking at SANS. We presented on "Hunting backdoors in Active Directory" at SANS Threat Hunting Summit this week. Thanks @SANSAPAC @sansforensics @DFIRSummit
Thirumalai Natarajan retweeted
Attacking and Defending Hybrid Active Directory Environments by Anurag Khanna @khannaanurag & Thirumalai Natarajan @Th1rum youtu.be/9rb3KYKbdSI #BSidesSingapore2021 #BSidesSG2021 #SecurityBSides #HackerCon #virtualconference #virtualevent

Thirumalai Natarajan retweeted
At VB2021 #vblocalhost @Th1ruM and @khannaanurag describe the areas of security exposure in hybrid Active Directory and the techniques threat actors can use to target them. Register now for free vblocalhost.com/presentation…
Thirumalai Natarajan retweeted
Join us at #ThreatHuntingSummit when @Th1ruM and Anurag Khanna will talk about different methods of hunting and detecting for misconfigurations and backdoors to help find these faster and respond effectively. Register now for FREE: sans.org/u/1eO6 #ThreatHunting
Thirumalai Natarajan retweeted
17 May 2021
n00py.io/2021/05/dumping-pla… My notes on the recent discovery by @jonasLyk. Looks like before I even finished writing this blog @gentilkiwi has already figured it out completely and is already adding it to Mimikatz :D
Looking forward to speaking at @BlackHatEvents #BHASIA
This #BHASIA Briefing covers, in depth, different methods used by attackers to maintain persistence, covertly elevate privileges at will, and maintain and exert control over systems managed by Active Directory, from @khannaanurag & @Th1ruM bit.ly/3kSR3Yw