In 2012, one of the largest data breaches took place. This talk covers the entire process of incident response to the APT, from day one on site through mitigation and finally remediation. The attackers were inside the network of a major credit card processor for months without the processor's knowledge, using interesting techniques for data exfiltration, including IPv6 tunneling, and DNS lookups and responses for both data exfiltration and command and control. The attackers modified several known exploit and payload packages to accomplish their task, including tools such as Stacheldraht and Stuxnet. The talk will begin with the first day of our arrival on site, where we found little to no security in place, and continue through tracking down the entry points, running forensics on database systems and discovered malware, setting up security tools, helping redesign the security department, placing a SOC in the organization, and hardening the entire network.