This course covers advanced incident remediation techniques for large network breaches, focusing on "mass remediation" and "outrunning the attacker." The learning outcomes include understanding the conditions necessary for these techniques to work, scalability, required resources, and potential attacker responses. The course teaches skills such as deploying agents, detecting attackers, and protecting information. The teaching method involves real-world experiences and practical examples. The intended audience includes cybersecurity professionals seeking to enhance their incident response skills.
Overview
Syllabus
Intro
Bad hosts
The UFP
Problem with the UFP
The circle despair
Why is wiping the box
What is happening
Who is the attacker
Active attacker
What we typically get
Typical timeline
EM Trends
What can you do
Missed opportunities
Look after your Intel
Protect your information
Telegraph your activities
ENOS
Day slots
Deploying agents
Pentest vs Redteam
They know how to
How we can detect them
OPSEC fails
Sector synchronized isolation
Scenario
How long does it take
Theyre the after bad guy
Weve got some great people
WhackaMole
Mass simultaneous system remediation
Full visibility
Balls of steel
Rebuild
Sector synchronized
Hostile asset recovery
Play a game
Burn Intel
DEFCON Group
Taught by
44CON Information Security Conference
