Register for a free webinar

Register to watch on-demand

Thank you for registering!

We've received your request and will get back to you soon.

If you do not hear from us in the next 48 hours, please check your spam folder!

Back to homepage

Webinar

On-demand Webinar

Webinar

On-demand Webinar

ATTACK LABS SERIES:

MIND YOUR ATTACK GAPS

Episode 3

Movement isn’t visible (cross-plane lateral movement)

Join Attack Lab Series Episode 3 to learn how attackers move across cloud, identity, SaaS, and endpoints to evade detection. Explore real-world attacks including Sysdig AWS, Shai-Hulud, Cl0p, and UNC6395—and learn 3 actionable ways to close visibility gaps.

60 minutes

August 12, 2026

11 a.m. ET | CEST | SGT

Hosted in

English

Vectra AI is named a Leader in the 2026 Gartner MQ for Network Detection and Response (NDR).

Summary

Cross-plane lateral movement is how modern attacks bypass detection—jumping across cloud, identity, SaaS, and on-prem systems faster than most SOC tools can correlate.

In 2026, attackers don’t break in—they move across planes.

The Sysdig AWS intrusion compromised production in ~8 minutes using an AI agent with valid credentials
The Shai-Hulud npm worm spread from a developer endpoint into CI/CD pipelines and downstream packages ‍
Cl0p continues exploiting managed file transfer platforms like MOVEit and GoAnywhere ‍
UNC6395 pivoted across SaaS platforms, expanding access through Salesloft and Drift

Each attack exploited visibility gaps between tools your SOC relies on.

What You’ll Learn (45-Minute Lab)

How cross-plane lateral movement works across cloud, identity, SaaS, and endpoints
Why SIEM, EDR, and cloud tools fail to correlate these attacks
Behavioral patterns that connect seemingly unrelated alerts
A step-by-step breakdown of the Sysdig AWS attack
Key lessons from real-world campaigns (Shai-Hulud, Cl0p, UNC6395) ‍
3 actionable changes to improve detection and response

Who Should Attend

SOC Analysts
Detection Engineers
Threat Hunters
Security Operations Leaders

Stop Chasing Alerts. Start Connecting Them.

Cross-plane attacks aren’t invisible—they’re just fragmented.

‍Join the lab and learn how to detect what your tools miss.

Speakers

Lucie Cardiet

Host

Cyberthreat Research Manager

Vectra AI

FAQs

Register Now

Register for all 3 sessions here

On Demand Webinars

Identity attacks are winning — Here’s the gap you’re missing

Explore how attackers bypass your MFA, operate undetected in your environments, and how security teams are closing identity detection gaps.

Understanding Modern Attacks (Episode 3)

Join Vectra AI for a three-part Attack Lab Episode 3 that breaks down modern attacks into three 30-minute digestible sessions. Our threat hunters and incident responders will walk through how adversaries enter, hide, and move inside enterprise networks — using real-world attack patterns, live demos, and threat hunting playbooks you can apply immediately.

MongoBleed in the Wild — Finding MongoDB Exposure and Exploitation Signals with Network Metadata (Plus Live Testing Demo)

MongoBleed (CVE-2025-14847) is a remotely exploitable MongoDB vulnerability that allows unauthenticated attackers to leak uninitialized heap memory that allows remote, unauthenticated attackers to leak sensitive server memory—without ever logging in. With public proof-of-concept tooling already available and the vulnerability impacting nearly a decade of MongoDB releases, defenders need a fast, reliable way to identify exposure and detect exploitation attempts across both internet-facing and internal environments.

About Vectra AI

Vectra AI is the leader in hybrid attack detection, investigation and response. The Vectra AI Platform delivers integrated signal across public cloud, SaaS, identity, and data center networks in a single platform. Vectra AI’s patented Attack Signal Intelligence empowers security teams to rapidly detect, prioritize, investigate and stop the most advanced hybrid cyber-attacks. With 35 patents in AI-driven detection and the most vendor references in MITRE D3FEND, organizations worldwide rely on the Vectra AI Platform and MXDR services to move at the speed and scale of hybrid attackers. For more information, visit www.vectra.ai.