In early 2015, during an acquisition by Telstra, Pacnet was breached. The company spent most of the year responding to a series of security incidents in the Pacnet network, which were linked together and believed to be targeted. Using examples from the Pacnet breach and follow-on waves, Brian Candlish and Christian Teutenberg explain how Telstra responded to the incidents and detail the visibility required to respond to a security incident that spans a global network. Along the way, they cover the combination of intelligence, hunting, and active defense required to address this problem, explore actor TTPs, and outline the tools and activity associated with this campaign. Expect to see pcap decodes, command-line activity, and actor typos.
Brian Candlish is a security researcher at Telstra, Australia’s largest telecommunications company, where he spends his days and nights making the internet a safer place. His interests in information security include attack and detection techniques, intelligence, and active defense. He enjoys hunting adversaries on large corporate networks.
Christian Teutenberg is a security researcher at Telstra, Australia’s largest telecommunications provider, where he specializes in hunting for evidence of breach with endpoint, network, and log data. He has over a decade of experience in information security, with a background focusing on intrusion detection, incident response, and computer forensics for the enterprise.
©2017, O'Reilly Media, Inc.