
SOC Alarm: What now? (Real Use Case)
From mobile phone to domain admin in 3...2...1... Implementing an effective SOC to disrupt the cyber kill chain in a timely manner.
Topic
Cloud Security
SIEM / Threat Analytics / SOC
When & Where
Tue, 10/10/2023, 14:15 - 14:30
Details
Format:
Management lecture
Session description
Cyber attacks have become a reality for everyone. Attackers can gain access to the Active Directory (AD) in a very short time and usually only remain on the corporate network for an equally short time. Especially in the case of cloud attacks, access is gained in just a few minutes. This makes it all the more important to have a functioning and coordinated cyber security solution, especially in the area of threat detection and incident response, as well as across all stakeholders involved.
In this presentation, we will take you through the course of a real cyber attack, from infection vector and lateral movement to privilege escalation. How was the incident successfully detected thanks to our implemented SIEM system? Which specific use cases were implemented? What were the incident r ...