Webinars / Webinars / Rusty: A DFIR Walkthrough of a Real MSSP Incident
Rusty: A DFIR Walkthrough of a Real MSSP Incident
Join experts from Hack The Box and Triskele Labs for a technical walkthrough of a real-world ransomware and data exfiltration investigation based on a closed-source MSSP incident.
Presented by Hack The Box
Overview
Ransomware and data exfiltration incidents demand fast, structured investigation across complex enterprise environments.
In this webinar, Hack The Box experts are joined by Triskele Labs to walk through Rusty, a defensive investigation recreated from a real MSSP incident report. The scenario emulates a ransomware and data exfiltration attack in a corporate Windows environment, allowing participants to follow how Blue Teams investigate attacker activity across Active Directory and Remote Desktop Services.
The session focuses on practical DFIR decision-making—how evidence is analyzed, how timelines are built, and how investigation choices influence response outcomes.
This session is designed for practitioners responsible for incident investigation and operational readiness in enterprise environments.
Agenda
- Introduction & incident context
- Triskele Labs perspective on the real incident
- Technical walkthrough of the Rusty Sherlock
- Open Q&A and discussion
