Sajal Thomas


Modern adversaries are changing up their tactics, techniques and procedures every time they are caught. In order to keep up with the upskilling of adversaries, it remains essential to keep defenders on their toes.

This talk will walk through some of the most commonly observed adversary behaviour from which overlap between state-affiliated cyber espionage actors to ransomware groups. Every adversary needs to perform reconnaissance, privilege escalation and lateral movement. The difference only lies in how.

The talk will also discuss the unique relationship between speed and stealth during a breach. With evolved defensive technologies that baseline behaviour of endpoints on the host and network level, slow and steady adversaries are as crucial to monitor as the ones quick to compromise the entire network.

Additionally, the talk will feature publicly-known detection and response strategies that help defenders cover against the full scale of an adversary’s toolset.

Speaker information

Sajal Thomas


Sajal Thomas simulates adversaries for Siemens AG in Munich and formerly for FireEye/Mandiant. Sajal has helped secure companies ranging from financial institutions to cryptocurrency exchanges to state-run railway networks to multinational conglomerates across the world.