Overview
Explore the complexities of battling multiple advanced persistent threats (APTs) simultaneously in this 35-minute SANS DFIR Summit 2024 presentation. Delve into a real-world scenario where incident responders face the challenge of neutralizing a financially motivated threat actor while inadvertently disrupting a Chinese state-sponsored adversary, only to encounter a second Chinese APT. Learn about the intricate cat-and-mouse game between incident responders and highly persistent threat actors, uncovering their adaptive tactics in response to remediation efforts. Gain insights into the challenges of managing multiple concurrent threats, including evolving indicators of compromise (IOCs) and evasion techniques. Benefit from firsthand experiences, lessons learned, and strategies for effectively combating state-sponsored threat actors in complex cybersecurity environments.
Syllabus
How persistent is an APT? Battling Three Threat Actors in a Single Environment
Taught by
SANS Digital Forensics and Incident Response