In this session, MoFo breach counsel and Unit 42 incident responders will demystify the jargon behind hacking techniques and forensic investigations, and share what you need to know to make sense of the technical discussions on incident response calls. We’ll cover common questions that come up, like:

• What are the most common initial vectors of intrusion used by hackers to get into networks? What is “password spraying” and “credential stuffing”?
• What does it mean to “harvest credentials,” and how do hackers move laterally and escalate privileges?
• What are the most common log sources used in a forensic investigation and what is their significance?
• What does “staging” mean? How do incident responders determine whether data has been exfiltrated vs accessed?
• How do you investigate activity in the Cloud, and how is it different from on-premises investigations?
• What is the difference between anti-virus software and Endpoint Detection and Response (EDR), and next-generation tools like Extended Detection and Response (XDR)?