In the face of an emerging security incident, how you respond isn’t just about your technical abilities; the need to quickly respond to and remediate a situation will challenge how you make decisions in the heat of what can potentially become a crisis. Attacks like the recent Sunburst attack via SolarWinds make it clear that even the most well-patched environments can be susceptible to vulnerabilities found within third-party solutions.

But how can you prepare for and develop better decision-making skills for addressing a scenario like Sunburst that has never happened before?

In this webinar, we join the experts at Ultimate Windows Security to discuss how decision-making is the real litmus test of incident response, why it’s a challenge, and how poor decision-making skills may have added to the impact of the Sunburst breach.

We also walk through our Sunburst Crisis Sim scenario, where attendees play decision-maker in addressing this compromise, and showcase our SolarWinds labs to demonstrate how to:

  • Identify Indicators of Compromise – Using a set of YARA rules from FireEye, we’ll show how to determine whether the malicious version of the SolarWinds DLL is in use.
  • Analyze Malware – According to open-source malware reports, there is a Domain Generation Algorithm (DGA) that creates unique C2 domains for each installation. We’ll explore the DLL and identify the DGA, discussing how it avoids detection in your network.


  • Chris Pace; Technology Advocate, Immersive Labs
  • Kev Breen; Director of Cyber Threat Research, Immersive Labs
  • Nick Cavalancia; Microsoft MVP and cybersecurity expert, Ultimate Windows Security




January 15, 2021