Active Incident Response: Kiwicon Edition

Presented at Kiwicon X: The Truth is In Here (2016), Nov. 17, 2016, 2:45 p.m. (30 minutes)

Security breaches are becoming a daily occurrence now. Wake up, check your twitter and see who the latest victim is. In early 2015, during an acquisition by Telstra, Pacnet was breached -- and suddenly it was us. We spent most of the year responding to a series of security incidents in the Pacnet network which are linked together and believed to be targeted. We will demonstrate using examples from the Pacnet breach and follow-on waves, how we responded to the incidents and the visibility required to respond to a security incident which spans a global network. Using a combination of intelligence, hunting and active defense we explore actor TTPs, tools and activity associated with this campaign. Expect to see pcap decodes, command-line activity and actor typos.


  • Christian Teutenberg
    Christian is a Senior Security Specialist for Australia's largest telecommunications provider. He specialises in hunting for evidence of breach with endpoint, network and log data. He has over a decade of experience in information security, with a background focusing on intrusion detection, incident response and computer forensics for the enterprise.
  • Brian Candlish
    Brian Candlish is a Security Researcher for Australia's largest telecommunications company, who spends his days and nights making the internet a safer place. His interests in information security include attack and detection techniques, intelligence and "active defence". He enjoys hunting adversaries on large corporate networks.


Similar Presentations: