AV will fail. Users will open malicious email attachments and click links. Systems will get pwnd. This talk is about endpoint remediation. The need for full system rebuilds is a thing of the past. SOC teams should be remediating infected systems with confidence. This concept is completely foreign to most SOC analysts and organizations. I fully outline how to overcome this irrational fear.
Brandon brings 7+ years of DFIR experience. Currently, he leads a team who remediates malware, with extreme prejudice, from client systems with the goal of zero downtime. He's done just about everything in DFIR to some degree: front line alert monitoring, intrusion response, internal investigations, deep dive host forensics, pcap analysis, threat intel, and threat hunting. He has a passion for anything infosec.
If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek