NO EASY BREACH: Challenges and Lessons Learned from an Epic Investigation

Presented at BruCON 0x08 (2016), Oct. 28, 2016, 10:30 a.m. (60 minutes).

Every Incident Response presents unique challenges. But — when an attacker uses PowerShell, WMI, Kerberos attacks, novel persistence mechanisms, seemingly unlimited C2 infrastructure and half-a-dozen rapidly-evolving malware families across a 100k node network to compromise the environment at a rate of 10 systems per day — the cumulative challenges can become overwhelming. This talk will showcase the obstacles overcome during one of the largest and most advanced breaches Mandiant has ever responded to, the novel investigative techniques employed, and the lessons learned that allowed us to help remediate it.
