Investigating data exfiltration…

Credit to Author: Angela Gunn | Date: Fri, 03 Nov 2023 17:09:16 +0000

On our new Sophos X-Ops video channel, Robert Weiland of the Incident Response team walks viewers through a data-exfiltration investigation, starting with an idea of which system on the affected estate might have been involved with the incident, and ending with an understanding of the tools used by the attacker – and, crucially, which files were taken. Incident responders (especially those familiar with the Sophos Central console) will feel very much at home. For others, it’s a quick-paced look at the thought process that goes into diving into a data lake and surfacing with treasure.

Going forward, we’ll be doing video demonstrations and walkthroughs on a regular basis. Subscribe to our Sophos X-Ops video channel to see what else the Incident Response, MDR, Labs, and AI teams are working on. If you’d like to get that information in a different format, bookmark this blog for recaps (and, if you like, commenting capability), and our GitHub video-transcripts repository for full (and fully spell-checked by humans, because accuracy in CVEs and code is a good thing) transcripts of each video.
