Advanced incident remediation techniques

Presented at 44CON 2016, Unknown date/time (Unknown duration)

When working in large network breaches, the technique of removing the infected hosts immediately and one-by-one is not the best or only option.  In this presentation we will look at the other methods of used; "mass remediation" and "outrunning the attacker".  We will look at the conditions necessary to make them work (team, profile, target, network and attacker), how they scale, the sort of resources you need to make the effective and how the attacker may respond if you don't maintain control. This is a ‘from the trenches' session and not an academic theses, the presenter has implemented various techniques and faced different results, both good and bad.  This session is your opportunity to learn from their experience.

Presenters:

• Steve Armstrong

Similar Presentations:

• Wild West Hackin' Fest 2019 / Campfire Stories - 15 minutes each
• DeepSec 2014 „Do you want to know more?“ / Trap a Spam-Bot for Fun and Profit
• ShellCon 2019 / Premediation: The Art of Proactive Remediation