- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
T1562 — Impair Defenses | MITRE Spotlight
Ransomware gangs disable your defenses before you even know they're inside.
MITRE Spotlight | DFIR Media
• Attackers use MITRE T1562 to turn off EDR, Windows Defender, and Sysmon.
• They run sc stop commands to kill security services before deploying ransomware.
• Event ID 7045 shows new services being installed to remove EDR agents.
• Tamper protection alerts fire when attackers try to disable audit policies.
• Hunt for sc delete commands targeting known EDR service names in your logs.
• This technique is the final step before ransomware encrypts everything.
AI-generated narration | DFIR Media
Видео T1562 — Impair Defenses | MITRE Spotlight канала DFIR Lab
MITRE Spotlight | DFIR Media
• Attackers use MITRE T1562 to turn off EDR, Windows Defender, and Sysmon.
• They run sc stop commands to kill security services before deploying ransomware.
• Event ID 7045 shows new services being installed to remove EDR agents.
• Tamper protection alerts fire when attackers try to disable audit policies.
• Hunt for sc delete commands targeting known EDR service names in your logs.
• This technique is the final step before ransomware encrypts everything.
AI-generated narration | DFIR Media
Видео T1562 — Impair Defenses | MITRE Spotlight канала DFIR Lab
Комментарии отсутствуют
Информация о видео
5 мая 2026 г. 10:50:25
00:00:40
Другие видео канала
Mystery Malware Coded in Unknown Language Stumped World's Best Hackers
AI Alert Triage
DNS Configuration Analysis
Ransomware's Worst Nightmare (Shadow Copies) #DFIR #Cybersecurity
T1190 — Exploit Public-Facing Application | MITRE Spotlight
PCAP Files | Artifact of the Day
macOS Unified Logs | Artifact of the Day
Shellbags | Artifact of the Day
PCAP Files | Artifact of the Day
Attack Surface Scan
Google Safe Browsing Check
Windows Event Logs — PowerShell | Artifact of the Day
Cobalt Strike Beacon Detection Patterns | Detection Rule Friday
LOLBins — Living Off the Land Detection | Detection Rule Friday
Student Accidentally Broke 10% of the Internet in 1988
Sysmon (System Monitor) | Tool Tuesday
KAPE (Kroll Artifact Parser and Extractor) | Tool Tuesday
Business Email Compromise (BEC) Investigation | IR Playbook
China's Secret Hacker Army Finally Exposed by Name and Face
Suspicious DNS Query Patterns | Detection Rule Friday
