Active Incident Response: Kiwicon Edition presented at kiwicon 2017

by Brian Candlish, Christian Teutenberg,

Summary : Security breaches are becoming a daily occurrence now. Wake up, check your twitter and see who the latest victim is. In early 2015, during an acquisition by Telstra, Pacnet was breached -- and suddenly it was us. We spent most of the year responding to a series of security incidents in the Pacnet network which are linked together and believed to be targeted.
We will demonstrate using examples from the Pacnet breach and follow-on waves, how we responded to the incidents and the visibility required to respond to a security incident which spans a global network.
Using a combination of intelligence, hunting and active defense we explore actor TTPs, tools and activity associated with this campaign. Expect to see pcap decodes, command-line activity and actor typos.