strandjs - strandjs@bsky.social · Dec 31, 2020 · 4:32 PM UTC

strandjs - strandjs@bsky.social

strandjs - strandjs@bsky.social @strandjs

31 Dec 2020

Updating Backdoors and Breaches. Want to help? What is the strangest thing that has every happened to you while working an active incident?

155

260

Hal Pomeranz · Dec 31, 2020 · 11:12 PM UTC

Hal Pomeranz · Dec 31, 2020 · 11:12 PM UTC

Hal Pomeranz @hal_pomeranz

31 Dec 2020

Replying to @strandjs

Helpdesk uses your “acquire these images” list as a list of systems to wipe and restore

Dec 31, 2020 · 11:12 PM UTC

Rob VandenBrink · Dec 31, 2020 · 11:15 PM UTC

Rob VandenBrink @rvandenbrink

31 Dec 2020

Replying to @hal_pomeranz @strandjs

Been there, because nobody ever worked out an aquisition procedure with them, all “malware on that station” requests default to nuke & reimage. Not a bad default, unless you wanted an image first ...