I often see statements like “people need to know their network like the back of their hand to be able to identify evil”. While I don’t disagree with this, I think there are many other things that people should be just as familiar with. Sally’s machine in finance may not always scan Jim’s machine in R&D, and the clues to identifying a compromise may be much more subtle. It’s these subtle indicators that we can use to hunt for adversary activity.
More here: http://blog.handlerdiaries.com/?p=775