Detections and Defensive Insights From the ContiLeaks

Date: March 15, 2022

Recorded on Tuesday, March 15th, 2022 at 1pm Eastern

On February 27, 2022, a cache of chat logs from the notorious ransomware group Conti was anonymously leaked to the public. The leak revealed previously unpublished information about the group’s internal workings and provided security practitioners with a unique view into how an APT group functions. In addition to uncovering their tactics, techniques, and procedures (TTPs), the leak unveiled details of the group’s tooling, guides, and internal chat logs.

The TrustedSec Incident Response team analyzed the leaked documents to better understand this group’s TTPs and how basic detections and artifacts could be developed to search for IOCs within an environment. Other points of discussion during the webinar include:

  • What ContiLeaks is and why it matters to the security of your organization
  • What types of TTPs were used including actionable items such as search queries and Sysmon rules
  • Recommendations for detection and defense specific to this group’s approach

Join Incident Response Consultants Steven Erwin, Ashley Pearson, and Nick Gilberti to understand how to practically use information found in the leak to improve your organization’s security. This topical webinar will provide a unique analysis of one of the most consequential leaks in ransomware history.

Download the presentation slides