
Microsoft Threat Intelligence Podcast
Throwing Darts in the Dark With Microsoft Incident Response
Feb 28, 2024
Exploring threat actors' techniques and incident response challenges. Insights into Octo Tempest. The dynamic nature of incident response work. Managing emotions in high-pressure situations. Teamwork and collaboration in cybersecurity. Importance of comprehensive data collection. Unpacking persistence and dwell time in cyber attacks. Personal narratives in the journey to cybersecurity. Promoting diversity in Microsoft's incident response team.
44:13
Podcast summary created with Snipd AI
Quick takeaways
- Threat actors' dwell times vary, with some favoring quick attacks and others opting for prolonged covert activities within networks.
- Comprehensive event logs and data sets like scheduled tasks are crucial for reconstructing timelines and tracking threat actor activities in incident response work.
Deep dives
Dwell Time Variability Among Threat Actors
Threat actors exhibit varying dwell times: some opt for quick smash-and-grab attacks completed within 24 hours, while others prefer longer stays to explore high-value assets. These contrasting strategies result in either swift exits or prolonged covert activity within compromised networks.