On Apr 14, 2015, at 8:36 AM, Dmitri Alperovitch <[email protected]> wrote:
> Anything is possible, of course, but we record and transmit to the cloud
> pretty much all execution activities - process creation, thread creation,
> dll/kernel driver loads, etc (about 150+ different event types) and we've
> gone through all the events with a fine-tooth comb. The evidence is pretty
> clear - they ran the commands to check for us and then all processes/network
> connections were terminated - they simply GTFO!

Re: Unless of course they backdoored a router or switch or anything else? We call the team that does this BadAssAlbinoRhinos.

Did you have complete network traffic visibility to confirm other movement had stopped?

Daniel Clemens
O +1 202 747 0043 Ext 7001
F +1 205 449 4731
Silent Circle: danielclemens
Packet Ninjas
http://www.packetninjas.net
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
