Tech Talk – Threat Hunting for Cloud Compromise Techniques and Threat Actor Profiling for the Group “Team TNT”


Topics to be covered

  1. One of the most successful threat actors, Team TNT, which targeted cloud and containerized environments
  2. Command-and-control analysis and cloud-instance compromise techniques, with the functions executed
  3. Cloud Techniques involved
    • AWS Keys and Metadata Extraction
    • Docker Scanning and Installation
    • Redis-cli service scanning and compromise
    • Kubernetes instance compromise techniques
    • Competitor Miner Identification and Removal Techniques
  4. Linux Privilege Escalation and Compromise Techniques used
    • Diamorphine – Linux kernel module (LKM) rootkit
    • libpcap for network packet sniffing
    • ZGrab – Go application-layer scanner from the ZMap project
    • Masscan and pnscan usage
    • Defense Evasion – Impair / Disable Security Features
    • Functions used for compromising techniques
  5. Windows Privilege Escalation Techniques used
    • SQL Database user addition/deletion
    • Service Execution
    • Impair Defenses: Disable or Modify Tools
    • PowerShell Execution
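
The outline above names the techniques the talk covers but not how a hunter would look for them in telemetry. The following is an added example, not material from the talk or from the trainer: a small hunting script that runs a set of rules over process command-line events (the kind an EDR, auditd execve records or shell history would give you) and reports which stages of the cloud and container compromise chain are present. The sample events are constructed for illustration, and the regular expressions are assumptions tuned to the items in the outline (IMDS credential endpoint, Docker API ports 2375/2376, Redis port 6379, kubelet ports 10250/10255, Diamorphine's default control signals 31/63/64, SELinux and firewall disabling, and killing of competing miners), not rules published by any vendor.

```python
import re
from typing import Dict, List, Tuple

# Hunting rules keyed by the technique from the talk outline they target.
# The patterns are illustrative assumptions; tune them to your own telemetry.
HUNT_RULES = {
    # Credential theft via the EC2 instance metadata service (IMDS).
    "AWS IMDS credential access":
        re.compile(r"169\.254\.169\.254/latest/meta-data/iam/security-credentials"),
    # Mass scanning for exposed Docker daemons (TCP 2375 plain, 2376 TLS).
    "Docker API (2375/2376) scanning":
        re.compile(r"\b(masscan|pnscan|zgrab2?)\b.*(2375|2376)"),
    # Mass scanning for unauthenticated Redis instances.
    "Redis (6379) scanning":
        re.compile(r"\b(masscan|pnscan|zgrab2?)\b.*\b6379\b"),
    # Mass scanning for exposed kubelet APIs (10250 authenticated, 10255 read-only).
    "Kubelet (10250/10255) scanning":
        re.compile(r"\b(masscan|pnscan|zgrab2?)\b.*\b1025[05]\b"),
    # Loading the Diamorphine LKM, or using its default signals
    # (31 hide process, 63 hide module, 64 elevate to root).
    "Diamorphine LKM rootkit":
        re.compile(r"\binsmod\b.*diamorphine|\bkill\s+-(31|63|64)\b"),
    # Impairing host defenses: SELinux, ufw, AppArmor, firewalld.
    "Defense evasion (impair security features)":
        re.compile(r"\bsetenforce\s+0\b|\bufw\s+disable\b"
                   r"|\bsystemctl\s+(stop|disable)\s+(apparmor|firewalld)\b"),
    # Killing rival cryptominers before deploying one's own.
    "Competitor miner removal":
        re.compile(r"\bp?kill\b.*\b(xmrig|kinsing|kdevtmpfsi)\b"),
}

# Constructed sample process command lines (not from any real incident).
SAMPLE_EVENTS = [
    "curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/",
    "masscan -p2375,2376 10.0.0.0/8 --rate=10000",
    "pnscan -w 'PING\\r\\n' -r PONG 10.0.0.0/16 6379",
    "zgrab2 http --port 10250 --endpoint /pods",
    "insmod /tmp/diamorphine.ko",
    "kill -63 0",
    "setenforce 0",
    "pkill -9 -f xmrig",
    "ls -la /home/user",  # benign, should not match anything
]


def hunt(events: List[str]) -> List[Tuple[str, str]]:
    """Return (rule_name, event) for every event that matches a hunting rule.

    An event that matches several rules is reported once per rule, so the
    caller sees every technique it is evidence for.
    """
    hits: List[Tuple[str, str]] = []
    for event in events:
        for name, pattern in HUNT_RULES.items():
            if pattern.search(event):
                hits.append((name, event))
    return hits


def triage(events: List[str]) -> Dict[str, List[str]]:
    """Group hits per rule to show which stages of the chain are present."""
    summary: Dict[str, List[str]] = {}
    for name, event in hunt(events):
        summary.setdefault(name, []).append(event)
    return summary


if __name__ == "__main__":
    for rule, matched in triage(SAMPLE_EVENTS).items():
        print(f"[{rule}]")
        for line in matched:
            print(f"    {line}")
```

Run against real data, feed `hunt()` the command-line field of your process events rather than raw shell history, and expect some noise: administrators also run `setenforce 0` or query the IMDS. The point of `triage()` is that seeing several stages together (metadata access plus scanner execution plus a rootkit load on one host) is far stronger evidence of this kind of intrusion than any single hit.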

Duration: 30 Minutes

Who Should Attend?
Security Analysts, Threat Hunters, Incident Managers, and Practitioners interested in Threat Actor Profiling.

About the Trainer:

Chetan Kawley is a Threat Hunting Security Researcher