Living with the threat of Determined Attackers - RANT0214
Presentation Slides from Manchester RANT 14-02-2014
MANCHESTER RANT FEBRUARY 14TH 2014
YOUR SPEAKER – JAMES MCKINLAY
• 2014 CISO LEVEL SECURITY, RISK & COMPLIANCE CONSULTANCY ACROSS EUROPE
• 2013 PCIDSS COMPLIANCE AT WALMART FOR ASDA & GEORGE (LEVEL ONE MERCHANT)
• 2011 - 2013 PCIDSS COMPLIANCE MANCHESTER AIRPORTS GROUP (LEVEL THREE MERCHANT)
• 2006-2011 PCIDSS COMPLIANCE HOMELOAN MANAGEMENT LIMITED (LEVEL ONE SERVICE PROVIDER)
• 2006 ECOMMERCE SECURITY – THOMAS COOK SCHEDULED BUSINESS
EXEC SUMMARY –
• DEFENDERS ARE INCREASINGLY BEING OVERRUN BOTH BY EVENTS GENERATED BY ORDINARY CYBERCRIME AND BY ADVANCED, TARGETED ATTACKS FROM SOPHISTICATED ADVERSARIES.
• INCREASED COMPLEXITY AND FREQUENCY OF ATTACKS, COMBINED WITH REDUCED EFFECTIVENESS OF PREVENTATIVE CONTROLS, INCREASES THE NEED FOR ENTERPRISE-SCALE SECURITY INCIDENT RESPONSE.
• THREAT INTELLIGENCE AND CONTINUOUS IMPROVEMENT OF INCIDENT RESPONSE PROCESSES ARE NEEDED BY ENTERPRISES TO REDUCE THE EFFORT REQUIRED IN CONTAINING LOSSES AND RISKS.
WHAT DO I MEAN BY . . . .
• DETERMINED ATTACKERS
• BETTER INTELLIGENCE
• BETTER PREPARED
WHAT DO I MEAN BY DETERMINED ATTACKER
• GET IN PAST YOUR PREVENTATIVE DEFENCES
• STEAL SOME VALID CREDENTIALS
• REMOVE TOOLS USED IN GETTING IN
• FIND SOME REMOTE ACCESS AND USE VALID CREDENTIALS
• EXPLORE THE ENVIRONMENT
• STEAL DATA – RINSE AND REPEAT
JIM ALDRIDGE BH2012
https://dl.mandiant.com/EE/library/BH2012_Aldridge_RemediationPres.pdf
PREVENTATIVE CONTROLS ARE NOT ENOUGH
A “Determined attacker” will not be put off by traditional IT security technology
• Basic AV Avoidance
• Basic IDS Avoidance
• Modern Sandbox Avoidance
• WAF Identification
• Web Filter Avoidance
• Email Filter Avoidance
BASIC AV AVOIDANCE
• HTTPS://WWW.VEIL-FRAMEWORK.COM/FRAMEWORK/VEIL-EVASION/
BASIC IDS AVOIDANCE
• HTTP://WWW.MONKEY.ORG/~DUGSONG/FRAGROUTE/
• HTTP://EVADER.STONESOFT.COM
MODERN SANDBOX AVOIDANCE
• HTTP://WWW.GIRONSEC.COM/BLOG/2013/10/ANTI-SANDBOXING-IDEAS/
BASIC WAF IDENTIFICATION
• OWASP XSS TOOL “XENOTIX” GIVES US AN EXAMPLE OF A GUI WAF IDENTIFIER
• HTTPS://WWW.OWASP.ORG/INDEX.PHP/OWASP_XENOTIX_XSS_EXPLOIT_FRAMEWORK
BASIC WEB PROXY AVOIDANCE
• HTTPS
• TOR BRIDGE RELAY
• HTTPS://WWW.TORPROJECT.ORG/
EMAIL FILTER AVOIDANCE TRICKS
• LARGE BENIGN ATTACHMENTS MEAN MESSAGES GET SKIPPED FOR SPAM PROCESSING
• WELL FORMED FIRST MESSAGE GETS SENDER ONTO A WHITELIST
• BACKGROUND READING
• “INSIDE THE SPAM CARTEL”, “BOTNETS THE KILLER APP”, “PHISHING EXPOSED”
BASIC PHISHING MANAGERS
• SET - HTTP://WWW.SOCIAL-ENGINEER.ORG/FRAMEWORK
• PHISH FRENZY - HTTP://WWW.PENTESTGEEK.COM/2013/11/04/INTRODUCING-PHISHING-FRENZY/
• SENINJA - HTTP://WWW.ALDEID.COM/WIKI/SOCIAL-ENGINEERING-NINJA
COMPLETE ATTACK MANAGERS
• HTTP://WWW.ADVANCEDPENTEST.COM/FEATURES
• HTTP://WWW.FASTANDEASYHACKING.COM/
POST EXPLOITATION
• BOOK “CODING FOR PENETRATION TESTERS” HAS A CHAPTER DEVOTED TO THIS
POST EXPLOITATION (2)
• WCE - HTTP://WWW.AMPLIASECURITY.COM/RESEARCH.HTML
• PRIVILEGE ESCALATION - HTTPS://WWW.INSOMNIASEC.COM/RELEASES
WHAT IS THE MESSAGE
• DON'T GET COMPLACENT – IF THEY WANT TO GET IN BADLY ENOUGH – THEY WILL GET IN!
WHAT DO I MEAN BY . . . .
• DETERMINED ATTACKERS
• BETTER INTELLIGENCE
• BETTER PREPARED
WHAT DO I MEAN BY BETTER INTELLIGENCE
• TO KNOW WHAT YOU KNOW AND TO KNOW WHAT YOU DON'T KNOW IS THE SIGN OF ONE WHO KNOWS
• KNOW THE WEAKNESSES IN YOUR DEFENCES
• KNOW THE TECHNIQUES USED BY YOUR ENEMY
• KNOW WHO TO TURN TO FOR HELP
WHERE ARE MY WEAKNESSES
• INTERNAL AND EXTERNAL AUDIT REPORTS
• PENETRATION TEST RESULTS
• RISK WORKSHOPS
• INTERVIEW FRONT LINE STAFF
• WHISTLE-BLOWING HOTLINE
• IT'S WORTH ASSUMING THAT YOUR PERIMETER HAS BEEN BREACHED
• AND THAT YOU SHOULD PLAN A RESPONSE STRATEGY
APT INTELLIGENCE REPORTS IN MARKETING
• VENDOR ISSUED APT REPORTS AND ADVANCED MALWARE REPORTS
• MANDIANT APT1 REPORT OPENED THE FLOODGATES
MALWARE RESEARCH COMMUNITY
• HTTP://AVCAESAR.MALWARE.LU/
• HTTP://WWW.MALSHARE.COM/ABOUT.PHP
• HTTPS://MALWR.COM/
• HTTP://SUPPORT.CLEAN-MX.DE/CLEAN-MX/VIRUSES?
• HTTP://VIRUSSHARE.COM/ABOUT.4N6
• HTTP://VIRUSTOTAL.COM
• HTTP://VXVAULT.SIRI-URZ.NET/VIRILIST.PHP
• HTTP://WWW.OFFENSIVECOMPUTING.NET
Small sample
RSS ENABLED BLOGGING COMMUNITY
RSS Bandit http://rssbandit.org/
http://stopmalvertising.com/
IP REPUTATION COMMUNITIES
• EXAMPLE: ALIENVAULT OPEN THREAT EXCHANGE HTTPS://WWW.ALIENVAULT.COM/OPEN-THREAT-EXCHANGE
“NOT MARKETING” VENDOR REPORTS
• MICROSOFT SECURITY INTELLIGENCE REPORTS
• CISCO ANNUAL REPORTS
CISP ENVIRONMENT
• GOVERNMENT CYBER SECURITY STRATEGY INVOLVES REACHING OUT TO INDUSTRY BEYOND CNI
• GCHQ, CESG AND CPNI COLLABORATED ON CISP HTTPS://WWW.CISP.ORG.UK/
READING: WHITEPAPERS
• FEW EXAMPLES
• SOC
• IR
• DATA BREACH
• MALWARE
REFERENCES
• PAPERS
• HTTP://H71028.WWW7.HP.COM/ENTERPRISE/DOWNLOADS/SOFTWARE/ESP-BWP014-052809-09.PDF
• HTTP://WWW.EMC.COM/COLLATERAL/WHITE-PAPERS/H12651-WP-CRITICAL-INCIDENT-RESPONSE-MATURITY-JOURNEY.PDF
• HTTPS://OTALLIANCE.ORG/RESOURCES/INCIDENT/2014OTADATABREACHGUIDE.PDF
• HTTP://WWW.MICROSOFT.COM/EN-GB/DOWNLOAD/DETAILS.ASPX?ID=34793
• HTTP://WWW.ASD.GOV.AU/INFOSEC/TOP-MITIGATIONS/TOP35MITIGATIONSTRATEGIES-LIST.HTM
• HTTP://WWW.FIRST.ORG/CONFERENCE/2008/PAPERS/KILLCRECE-GEORGIA-SLIDES.PDF
• HTTP://WWW.SANS.ORG/READING-ROOM/WHITEPAPERS/DETECTION/EARLY-MALWARE-DETECTION-CORRELATION-INCIDENT-RESPONSE-SYSTEM-CASE-STUDIES-34485
• HTTPS://WWW.GOV.UK/PUBLIC-SERVICES-NETWORK#PSN-STANDARDS
• HTTP://CSRC.NIST.GOV/PUBLICATIONS/NISTPUBS/800-61REV2/SP800-61REV2.PDF
BACKGROUND READING: BOOKS
DEEPER DIVE : BOOKS
WHAT DO I MEAN BY . . . .
• DETERMINED ATTACKERS
• BETTER INTELLIGENCE
• BETTER PREPARED
WHAT DO I MEAN BY BETTER PREPARED
• USER AWARENESS
• CYBER STRATEGY AT BOARD LEVEL
• IT ASSURANCE FRAMEWORK
• SECURITY OPERATIONS MATURITY
• SOC
• CIRT
• THREAT INTELLIGENCE
• PROACTIVE APT HUNTERS
PHISHING AWARENESS
• DO YOU REMEMBER THE DIY SLIDES
PROFESSIONAL PHISHING AWARENESS
• PHISH5
• PHISHME
CYBER STRATEGY AT BOARD LEVEL
• GOVERNMENT COMMITMENT TO SUPPORT INDUSTRY
• .GOV.UK AND SEARCH “CYBER”
CYBER STRATEGY (ALSO WORTH A READ)
• BELGIAN CHAMBER OF COMMERCE - BCSG
• HTTP://WWW.ICCBELGIUM.BE/INDEX.PHP/QUOMODO/BECYBERSECURE
ITCF -V- ISMS
• CONTROL FRAMEWORK
• HTTP://WWW.ISACA.ORG/COBIT/PAGES/DEFAULT.ASPX
[Figure: COBITv5 diagram. Labels: Processes for Governance; Processes for Management; Deliver, Service and Support; Manage IT Operations; Manage IT Assets; Manage IT Configurations; Manage IT Incidents; Manage Business Continuity; Manage Information Security; Manage Business Process]
ITAF –V- ITCF
• WHAT IS IT ASSURANCE
SECOPS MATURITY (SOC)
• SIEM
• CORRELATION
• STAFFING
• DROWNING IN DATA
• HTTP://WWW8.HP.COM/H20195/V2/GETPDF.ASPX/4AA4-6539ENN.PDF
• HTTP://WWW.ACI-NA.ORG/SITES/DEFAULT/FILES/S4-NESSI.PDF
• HTTP://WWW.SECURITE.ORG/PRESENTATIONS/SOC/MEITSEC-SOC-NF-V11.PDF
SECOPS MATURITY (CIRT)
• THREAT INTELLIGENCE FEEDS
• LIVE RESPONSE TECHNIQUES
• ENTERPRISE CLASS FORENSIC ACQUISITION
• STAFF DEVELOPMENT
• MALWARE REVERSING SKILLS / SOCIAL ENGINEERING SKILLS
• WORKFLOW BPM TOOLING
• NETWORK CONTAINMENT / NAC
FREE TOOLS
• FROM MANDIANT
LESSONS WITH OPENIOC FREE TOOLS
SECOPS MATURITY (APT HUNTERS)
• WHAT IS REDLINE
• COLLECTS WINDOWS ACTIVITY FROM
• FILE
• REGISTRY
• DNS LOOKUPS
• PROCESSES IN MEMORY
• NETWORK CONNECTIONS
• FIRST RESPONDER INVESTIGATIONS
(.MANS) REDLINE TRIAGE COLLECTION • 1
(.MANS) REDLINE TRIAGE COLLECTION • 2
(.MANS) REDLINE TRIAGE COLLECTION • 3
TACKLING ADVANCED THREATS
• THERE IS NO SINGLE TECHNOLOGY TO “RULE THEM ALL”
• 1) RECOGNISE “PREVENTATIVE” ISN'T ENOUGH
• 2) GET SENIOR LEVEL SPONSORSHIP
• 3) GET THE RIGHT PEOPLE
• 4) GET THE RIGHT TOOLING
VENDORS TACKLING ADVANCED THREATS
• THERE IS NO SINGLE TECHNOLOGY TO RULE THEM ALL
Mandiant
Carbon Black
Guidance Software
CounterTack
CrowdStrike
Tanium
Intelligent ID
Nexthink
Webroot
LogRhythm
TrustCloud
Cyvera
ARBOR – Prevail
DAMBALLA – Failsafe
FIDELIS – XPS
LANCOPE – StealthWatch
SOURCEFIRE - FireAMP
RSA – Netwitness
SOLERA – DeepSee
SOLERA – BluecoatATP
AHNLABS – MDS
CHECKPOINT – threat emulation
FIREEYE – ATP
LASTLINE – Previct
MCAFEE – ValidEdge
TREND – Deep Discovery
PALOALTO – Wildfire
BLUERIDGE – Appguard
BROMIUM – vsentry
HBGARY – DigitalDNA
INVINCEA – Enterprise
Threat Analyser
RSA – ecat
TRIUMFANT – mdar
CREDITS
• JEFF YEUTER @ MANDIANT FOR THE REDLINE EXAMPLE
• JIM ALDRIDGE @ MANDIANT FOR THE BLACKHAT2012 APT PRESENTATION
• ANTON CHUVAKIN @ GARTNER FOR THE PAPER “SECURITY INCIDENT RESPONSE IN THE AGE OF APT”
TIME IS PRECIOUS – THANK YOU FOR YOURS
• FIND ME ON LINKEDIN
• UK.LINKEDIN.COM/PUB/JAMES-MCKINLAY/16/A42/206/