As an incident responder, have you ever thought about how much easier an investigation would be if you had the C2 server in your possession? In this talk, we are going to take a deep dive into a rare investigation in which Mandiant obtained a forensic copy of an attacker C2 system. You will learn about the initial compromise of the C2 server, the tools and tactics used by the attacker, and the investigative steps taken to identify the full scope of the attack. In addition, you will learn about the specific challenges involved with the analysis, and some unique lessons learned from performing this investigation.
Copyright 2020, IronGeek