Webinar: Inside the SOC EP #001
March 3rd @ 1:00PM MT

What’s Working for Attackers Right Now

SOC-led. Real incidents. No sales pitch.

The techniques attackers use to gain a foothold aren’t new.
What is evolving is how those techniques are executed, staged, and blended into normal activity, and how quickly they move from access to impact.

In this 45-minute briefing, Blackpoint’s Response Operations Center walks through two real incident patterns we’re actively seeing across customer environments, breaking down what actually works for attackers and where defenders lose control.

This is not a threat report.
It’s a view from inside an active SOC.

You’ll walk away with:

  • A breakdown of ClickFix and fake CAPTCHA campaigns, why they remain effective and how attacker delivery has adapted as awareness increased
  • How attacker execution and staging tradecraft has evolved to proxy activity through trusted, signed Microsoft components
  • A closer look at LOLBIN abuse, including the use of App-V scripts to blend execution into expected behavior
  • A real-world walkthrough of a recent ScreenConnect Cloud incident, including:
    • Abuse of legitimate remote management functionality
    • curl-based payload staging
    • Persistence established using trusted tooling
  • Practical mitigation strategies partners can use to reduce risk across their end-client environments

Details

  • Duration: 45 minutes
  • Format: Live SOC-led briefing + Q&A
  • Date: March 3rd, 1:00 PM MT

Meet Your Speakers

Jason Barnhizer

Director of Threat Operations

Blackpoint Cyber

Jason Rathbun

Technical Director of Threat Operations

Blackpoint Cyber

Nevan Beal

Principal MDR Analyst

Blackpoint Cyber

Sam Decker

Senior MDR Analyst

Blackpoint Cyber
