--[ Ransomware: Brokering Initial Access

$ getent passwd
├── names:
│   ├─ Trevor Hilligoss
│   └──────── CW Walker
├──── org: SpyCloud
└─ social:
   ├─ linkedin: in/thilligoss/
   └─ linkedin: in/cwrwalker/

Trevor is an Army veteran and former Special Agent with the US Army's Criminal Investigation Division, Cyber Directorate, and spent several years working on an FBI Cyber Task Force focused on investigations into commodity malware, before departing government service to focus on cybersecurity research. When not researching bad actors on the internet, Trevor enjoys woodworking and creating overcomplicated Python scripts whose only purpose is to languish in GitHub repositories.

CW began his career in the Federal Bureau of Investigation before becoming a Cyber Threat Intelligence Analyst in the private sector. CW has supported investigations ranging from Human Trafficking to Eurasian Cyber Counterintelligence both inside and outside of the FBI. When CW isn't trying to strip criminals of their anonymity, he can be found trying to automate his life and hanging out with his toddlers.


With 68% of organizations hit by ransomware last year, organizations feel less confident than ever about their preventative measures. The SpyCloud Ransomware Defense Report launched in September; in it, infosec leaders told us about the impact of ransomware on their enterprise and explored the gaps in their defenses and their plans to shore them up. One of their biggest blind spots? Credential-siphoning malware on unmonitored devices. We’ll explore the implications of this plus additional findings, including how adversaries are exploiting vulnerable services and even bypassing multi-factor authentication using data stolen by commodity malware sold for as little as $100 a month.