This chapter is about ending the conflict and remediating a compromise.
This chapter covers several topics such as:
- Exfiltration with protocol tunneling
- Using steganography in exfiltration
- Public dump sites
- Public anonymity networks
- Private anonymity networks
- Program security
- Taking down infrastructure
- Retiring tools and techniques
- Fully scoping an intrusion
- Containing the incident
- Remediation activities
- Post-mortem analysis
- Publishing lessons learned
- Forward looking activities
The following are some images included in this chapter:
This image shows some considerations that go into deciding when to respond to an incident.
This image shows what happens if a defender responds too soon, without fully scoping the incident.
This last image shows how a defender can triage their entire fleet, quarantine hosts, and perform root cause analysis (RCA) strategically.