Overview
This SecureWV 2015 talk covers post-infection response and mitigation: why the post-infection phase is a gray area for responders, why traditional signature-based antivirus is no longer sufficient, and the persistence techniques attackers use to survive reboots and cleanup attempts. It looks at the problems of limited exposure to real incidents and of generic breach responses (imaging, denial), then walks through the practical side of incident response: memory dumps, battle planning, and hands-on use of Process Explorer, DumpIt for memory acquisition, and other Sysinternals tools such as Autoruns for enumerating autostart entries. It closes with verification, confirming that the cleanup actually held, and broader strategies for handling breaches in a changing threat landscape.
Syllabus
Intro
Welcome
Who is Caleb
Overview
Why is post-infection a gray area
Antivirus is dead
Persistence techniques
Lack of exposure
Generic breach responses
Image it
Denial
Memory dumps
Battle planning
Tools
Process Explorer
Properties
DumpIt
PC100 Overview
Other Tools
Sysinternals
Autoruns
Verification
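The "Autoruns" and "Verification" steps above come down to one question: which autostart entries on the suspect host are new, changed, unsigned, or living somewhere they should not? As an added example (not material from the talk), the script below triages an autorunsc CSV export against a baseline of hashes taken from a known-clean build. It assumes the export was produced with `autorunsc -accepteula -a * -c -h -s > autoruns.csv`; the column names are a subset of that CSV's header, and every row, path and hash in it is constructed for the example.

```python
"""Triage an Autoruns (autorunsc -c -h -s) export against a known-good baseline.

Added example, not material from the talk. Column names follow the autorunsc
CSV header (trimmed to the ones used here); rows, paths and hashes are constructed.
"""
import csv
import hashlib
import io
import re


def fake_sha256(tag: str) -> str:
    """Constructed stand-in for a real file hash (deterministic, 64 hex chars)."""
    return hashlib.sha256(tag.encode()).hexdigest()


H_HEALTH = fake_sha256("securityhealth")      # matches the baseline
H_WINSAT = fake_sha256("winsat")              # differs from the baseline
H_WINSAT_CLEAN = fake_sha256("winsat-clean")

# Constructed export from a suspect host, trimmed to the columns triage() reads.
SAMPLE_EXPORT = "\n".join([
    "Entry Location,Entry,Enabled,Category,Signer,Image Path,Launch String,SHA-256",
    rf"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,enabled,Logon,(Verified) Microsoft Windows,c:\windows\system32\securityhealthsystray.exe,%windir%\system32\SecurityHealthSystray.exe,{H_HEALTH}",
    rf"Task Scheduler,\Microsoft\Windows\Maintenance\WinSAT,enabled,Tasks,(Verified) Microsoft Windows,c:\windows\system32\winsat.exe,%windir%\system32\winsat.exe,{H_WINSAT}",
    rf"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,OneDriveSync,enabled,Logon,(Not verified),c:\users\caleb\appdata\roaming\onedrivesync\svchost.exe,C:\Users\caleb\AppData\Roaming\OneDriveSync\svchost.exe,{fake_sha256('dropper')}",
    rf"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Updater,enabled,Logon,(Not verified),c:\windows\system32\windowspowershell\v1.0\powershell.exe,powershell.exe -nop -w hidden -enc SQBFAFgA,{fake_sha256('powershell')}",
])

# Constructed baseline: (Entry Location, Entry) -> SHA-256 from a known-clean image.
BASELINE = {
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "SecurityHealth"): H_HEALTH,
    ("Task Scheduler", r"\Microsoft\Windows\Maintenance\WinSAT"): H_WINSAT_CLEAN,
    (r"HKLM\System\CurrentControlSet\Services", "WinDefend"): fake_sha256("msmpeng"),
}

# Binaries launched from user-writable directories are a classic persistence tell.
USER_WRITABLE = re.compile(r"\\(appdata|programdata|temp|public)\\", re.I)
# Script hosts / LOLBins combined with encoding, hidden windows or remote URLs.
INTERPRETER = re.compile(
    r"\b(powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32|certutil|bitsadmin)\b", re.I)
EVASION = re.compile(r"(-enc\b|-e \S|-w hidden|-nop\b|https?://|javascript:)", re.I)


def triage(export_csv: str, baseline: dict) -> tuple[list[dict], list[tuple]]:
    """Return (findings, missing): flagged entries and baseline entries that vanished."""
    findings, seen = [], set()
    for row in csv.DictReader(io.StringIO(export_csv)):
        key = (row["Entry Location"], row["Entry"])
        seen.add(key)
        reasons = []
        if key not in baseline:
            reasons.append("NEW")                       # not on the clean image
        elif baseline[key].lower() != row["SHA-256"].lower():
            reasons.append("CHANGED")                   # same entry, different binary
        if not row["Signer"].startswith("(Verified)"):
            reasons.append("UNSIGNED")                  # autorunsc -s could not verify
        if USER_WRITABLE.search(row["Image Path"]):
            reasons.append("USER_WRITABLE_PATH")
        launch = row["Launch String"]
        if INTERPRETER.search(launch) and EVASION.search(launch):
            reasons.append("SUSPICIOUS_LAUNCH")
        if reasons:
            findings.append({"entry": key, "image": row["Image Path"], "reasons": reasons})
    # Entries that disappeared matter too (e.g. a defender service removed from autostart).
    missing = sorted(k for k in baseline if k not in seen)
    return findings, missing


if __name__ == "__main__":
    found, gone = triage(SAMPLE_EXPORT, BASELINE)
    for f in found:
        print(f"{', '.join(f['reasons']):35} {f['entry'][1]}  <- {f['image']}")
    for k in gone:
        print(f"MISSING FROM HOST                    {k[1]}  ({k[0]})")
```

The baseline is the point: on a host you have already cleaned, a second export that still shows NEW or CHANGED entries means the persistence survived, which is exactly what the verification step is meant to catch. Run the export from a tools directory you brought with you rather than from the infected system's own copy of Sysinternals.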