Forensic Analysis of Compromised VPN Appliances by Advanced Actors

Explore forensic analysis techniques for investigating compromised VPN appliances targeted by advanced threat actors in this 34-minute conference talk from the SANS DFIR Summit 2024. Gain essential skills for digital forensics and incident response practitioners to effectively analyze intrusions where VPN access served as the initial entry point. Delve into the methods used by threat actors to exploit VPN vulnerabilities, bypass authentication mechanisms, and deploy malware. Examine real-world case studies to learn how to identify indicators of compromise specific to VPN-related attacks, with a focus on unusual network traffic patterns, privileged account abuse, and persistence techniques. Acquire actionable insights to enhance incident response processes, develop threat intelligence, and proactively strengthen VPN defenses. Presented by Fernando Tomlinson, Technical Manager of Digital Forensics and Incident Response at Mandiant, and Matt Lin, Senior Consultant for Incident Response at Mandiant, this talk equips security professionals with valuable knowledge to combat sophisticated VPN-based attacks.