
New Cybersecurity Podcast Episode with Exatrac Co-Founder Stéphan Lebert
In this episode of the weekly French-language podcast dedicated to cybersecurity, No Limit SQ, hosts Nicolas Ruf, Hervé Chaur, and Christophe Renard welcome Stéphan Lebert, co-founder of Exatrac, a company specializing in compromise detection. Stéphan provides important insights into a previous episode on detection and compromise research, highlighting several often-neglected aspects.

Stéphan begins by emphasizing that compromise detection is not limited to cases where there is initial suspicion. Often, companies request routine checks to ensure their information systems are healthy, especially during acquisition phases or when new CISOs take office. He stresses the importance of regular "checkups" to avoid integrating compromised systems into a larger infrastructure.

One key point discussed is the difficulty of detecting anomalies in an information system without an initial indicator of compromise (IOC). Stéphan explains that their approach involves taking "snapshots" of numerous machines to collect forensic artifacts, then analyzing this data to identify weak signals. This method allows for the detection of anomalies that may indicate compromise, even in the absence of detailed logs.

The podcast also highlights the importance of not limiting investigations to Windows environments. Attackers are increasingly targeting Linux and macOS systems, where they can operate with less risk of detection. Stéphan mentions cases where attackers have used IoT devices or projection cards to carry out their malicious activities, emphasizing the need to monitor these often-neglected devices.

The discussion continues on the importance of logs and historical data. Even without complete logs, crucial information can be found in system artifacts, caches, and configuration files. Stéphan points out that attackers often leave unintentional traces, such as application crashes or bluescreens, which can be exploited to trace the source of the compromise.

Another crucial point is the increasing skill level of attackers. Stéphan notes that current attackers are often trained as pentesters, using advanced techniques to identify and exploit system vulnerabilities. This increased sophistication makes detection and incident response even more complex.

In conclusion, Stéphan recommends that companies consider their IT infrastructure as potentially compromised and implement control systems to ensure their infrastructure behaves as expected. He emphasizes the importance of logging, even minimally, to respond effectively in case of suspected compromise.

For more information, watch the full video at: https://www.youtube.com/watch?v=1_eXCyVY7nI
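The "snapshot many machines, then look for weak signals" approach described above can be illustrated with a fleet-wide prevalence analysis: artifacts that appear on only one or two hosts out of many are reviewed first, with no prior IOC needed. The following Python is an added example written for this summary; it is not Exatrac's tooling and does not describe their actual method. All hostnames, paths, task and service names are constructed placeholders, and the snapshot collection step itself is assumed to have already happened.

```python
"""Added example: rank snapshot artifacts by how many hosts carry them.
Rare artifacts are weak signals worth a closer look; common ones are baseline.
Every host, path and name below is constructed for illustration."""
from collections import Counter
from typing import Dict, List, Set, Tuple

Artifact = Tuple[str, str]  # (artifact type, collected value)

# Constructed sample: ten hosts' snapshots. Nine carry the same baseline of
# autostart entries, scheduled tasks and services; one host carries two extras.
BASELINE: Set[Artifact] = {
    ("autorun", r"C:\Program Files\ExampleAV\guard.exe"),
    ("autorun", r"C:\Windows\System32\ctfmon.exe"),
    ("task", r"\Microsoft\Windows\Defrag\ScheduledDefrag"),
    ("service", "Spooler"),
}

SNAPSHOTS: Dict[str, Set[Artifact]] = {f"ws-{i:03d}": set(BASELINE) for i in range(1, 10)}

# Collectors often differ in path casing; host ws-004 reports one baseline entry
# in a different case and must NOT be counted as a distinct (rare) artifact.
SNAPSHOTS["ws-004"].discard(("autorun", r"C:\Windows\System32\ctfmon.exe"))
SNAPSHOTS["ws-004"].add(("autorun", r"c:\windows\system32\CTFMON.EXE"))

# Host ws-010 carries the baseline plus two entries no other host has (placeholders).
SNAPSHOTS["ws-010"] = set(BASELINE) | {
    ("autorun", r"C:\Users\Public\Libraries\helper.exe"),
    ("task", r"\HealthCheck"),
}


def normalize(artifact: Artifact) -> Artifact:
    """Fold case and path separators so the same item collected on different
    hosts compares equal (Windows paths and task names are case-insensitive)."""
    kind, value = artifact
    return kind, value.lower().replace("/", "\\")


def prevalence(snapshots: Dict[str, Set[Artifact]]) -> Counter:
    """Count, per normalized artifact, how many hosts carry it (one count per host)."""
    counts: Counter = Counter()
    for items in snapshots.values():
        counts.update({normalize(a) for a in items})
    return counts


def rare_artifacts(snapshots: Dict[str, Set[Artifact]], max_hosts: int = 1,
                   min_fleet: int = 5) -> List[Tuple[Artifact, List[str]]]:
    """Artifacts present on at most max_hosts hosts, with the hosts carrying them.
    Rarity is meaningless in a tiny fleet, so ranking is refused below min_fleet."""
    if len(snapshots) < min_fleet:
        raise ValueError(f"need at least {min_fleet} hosts to rank rarity, got {len(snapshots)}")
    counts = prevalence(snapshots)
    carriers: Dict[Artifact, List[str]] = {}
    for host, items in snapshots.items():
        for a in items:
            n = normalize(a)
            if counts[n] <= max_hosts:
                carriers.setdefault(n, []).append(host)
    return sorted(carriers.items(), key=lambda kv: (len(kv[1]), kv[0]))


def host_scores(snapshots: Dict[str, Set[Artifact]], max_hosts: int = 1) -> Dict[str, int]:
    """Number of rare artifacts per host; nonzero scores go to the top of the triage queue."""
    scores = {host: 0 for host in snapshots}
    for _, hosts in rare_artifacts(snapshots, max_hosts):
        for h in hosts:
            scores[h] += 1
    return scores


if __name__ == "__main__":
    for artifact, hosts in rare_artifacts(SNAPSHOTS):
        print(f"{artifact[0]:8} {artifact[1]}  <- {', '.join(hosts)}")
    print({h: s for h, s in host_scores(SNAPSHOTS).items() if s})
```

Two caveats matter in practice: values that are legitimately unique per host (user profile paths containing a username, SIDs, machine-specific GUIDs) must be templated out before counting or every host looks anomalous, and a rare artifact is a lead for an analyst, not a verdict. The `min_fleet` guard is there because "present on one host out of three" carries no signal at all.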