You are a cyber defender and see an interesting alert on your SIEM. You obtain live response data to properly investigate and now must determine if an advanced attacker has breached the host.
The SIEM alert was related to a dynamic DNS domain. Upon timeline analysis, the analyst located additional suspicious domains and files. The attacker delivered the initial payload through a weaponized PDF document. After initial compromise, the attacker timestomped files, created registry keys to maintain persistence, and dumped credentials.
Come by our event and learn the perfect response to handle security incidents.