This session covers how an actual phishing attack from APT29 came together. We will discuss how incident responders can learn more about the attack and build out a timeline of key events. We will also explain how DNS based security plays an important role in proactively blocking threats and how integrations with Splunk can help you with effective threat hunting.
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC3014.pdf?podcast=1577146214