Overview
Ransomware and data exfiltration incidents demand fast, structured investigation across complex enterprise environments.
In this webinar, Hack The Box experts are joined by Triskele Labs to walk through Rusty, a defensive investigation recreated from a real MSSP incident report. The scenario emulates a ransomware and data exfiltration attack in a corporate Windows environment, allowing participants to follow how Blue Teams investigate attacker activity across Active Directory and Remote Desktop Services.
The session focuses on practical DFIR decision-making—how evidence is analyzed, how timelines are built, and how investigation choices influence response outcomes.
This session is designed for practitioners responsible for incident investigation and operational readiness in enterprise environments.