Key takeaways,
- DNS keeps being an important protocol for exfiltration
- Process Injection, Memory Persistence, no file trace in disk
- Living of the land techniques to move laterally
- They thwarted the attribution process not using twice the same threat infrastructure