Me when an APT shows up in a network I defend...

Get it? I'm watching from a shell?

big haha?


I can't imagine how scary that is.

How does one fend them off or otherwise deal with that?


The truth is they usually take their time. You observe for a short period to identify new techniques and record any IOCs that happen, then you start blocking execution and traffic.

With real APTs that gets a little harder because they have exploits you may not know, but that's what EDR/XDR is for.

Honestly, a lot of APT engagements are playbooked and mostly predictable.

It's the privateers that do wild stuff.



That sounds like bad news, cap'n!

For real though, are they just the "ransomware-your-system" type folks in it for the money? Would a homelab consisting of a few web services without financial info involved be something that'd catch their attention?


This is a longer conversation to be had... a honeypot may do it, but they are really looking for environments that LOOK like enterprise environments.

and yes, usually what I mean by privateers are these sorts of organizations.

There's a lot of ways to gain intel from them.

@thegibson @butingtaon may I ask what all those acronyms are? This (actually doing/knowing about security things) is an entirely different world I have no idea how one ends up in, so I'm intrigued, but :V

@autumnal @butingtaon APT: advanced persistent threat (think nation-state)

IOC: indicator of compromise

EDR: Endpoint Detection and Response

XDR: Extended Detection and Response

@autumnal @butingtaon also, happy to answer questions. Always looking to educate.
