Tools and Tactics
There are numerous ways you can interact with an advanced or persistent threat. Most organizations will simply take the compromised machines offline and have them rebuilt for circulation back into the enterprise. This may suffice if you are dealing with an opportunistic criminal who has no direct interest in your enterprise’s data. However, this approach almost never works when you have a persistent threat that is willing to use advanced techniques to maintain a steadfast presence on your network for a specific motive or objective.
One of the most important things you need to remember is that you have physical control ...