This presentation aims to summarize the best wins & fails of crisis management based on our field experience. We will cover different phases of a crisis with real life examples such as:

• A CISO and a CIO convinced that a member of their team is in collusion with the adversary.
• An “AD dump” found on a threat actor server mobilized more than 300 people… before becoming a false positive.
• A classic threat hunting that became an incident response following the discovery of Conficker… 9 years after its discovery.
• Etc.