Forensic Analysis of Compromised VPN Appliances by Advanced Actors

VPNs, intended to provide secure access, are a prime target for advanced attacks. This talk arms DFIR practitioners with essential techniques for analyzing intrusions where VPN access was the initial entry point. Gain a deeper understanding of how threat actors exploit VPN vulnerabilities, bypass authentication mechanisms, and deploy malware. Through real-world case studies, learn to identify indicators of compromise (IOCs) specific to VPN-related attacks, focusing on unusual network traffic patterns, privileged account abuse, and persistence techniques. Attendees will leave with actionable insights for improving incident response processes, developing threat intelligence, and proactively hardening VPN defenses.

SANS DFIR Summit 2024
Forensic Analysis of Compromised VPN Appliances by Advanced Actors
Speakers:
Fernando Tomlinson, Technical Manager, Digital Forensics and Incident Response, Mandiant
Matt Lin, Senior Consultant, Incident Response, Mandiant

View upcoming Summits: http://www.sans.org/u/DuS