Welcome to this learning module on forced authentication with remote icons. In this module, we will go over the nuances of this attack and the challenges it poses for detection. We will also operationalize a hunt for malicious files by leveraging open-source tools. We will close with a demonstration of a lesser-known remote icon attack.
The goal of this module is to:
1. Give you exposure to an attack that is often overlooked.
2. Introduce forced authentication generally.
3. Show the process of turning a hunt into a detection.
4. Inspire you to overcome similar challenges in your own environment.
The events in your SIEM can be found in the following timespan: 21 Mar 2023 - 22 Mar 2023.
Use the `logs-*` index.](https://assets.aceresponder.com/meta/763c838e-d316-4637-8e81-af748f13cdb4.png)
Remote Icon Forced Auth
Prerequisites:
Welcome to this learning module on forced authentication with remote icons. In this module, we will go over the nuances of this attack and the challenges it poses for detection. We will also operationalize a hunt for malicious files by leveraging open-source tools. We will close with a demonstration of a lesser-known remote icon attack.
The goal of this module is to:
- Give you exposure to an attack that is often overlooked.
- Introduce forced authentication generally.
- Show the process of turning a hunt into a detection.
- Inspire you to overcome similar challenges in your own environment.
The events in your SIEM can be found in the following timespan: 21 Mar 2023 - 22 Mar 2023.
Use the logs-* index.
Analyst
$17.49
/mo
Explore realistic pre-recorded attacks
Master full-featured defensive platforms
Browser-based challenges and modules
Extended attack videos
Grants access to Analyst content. You can cancel any time by returning to this page and following the cancellation steps.
Defender
$44.49
/mo
Instant fully interactive labs
Hands-on prevention and detection
Master offensive techniques
Security engineering exercises
Highly realistic and dynamic scenarios
Access to all Analyst-level content
Grants access to all Defender content, Analyst content and interactive lab environments. You can cancel any time by returning to this page and following the cancellation steps.