Breach Assessments: Are you 0wned? You can find out!

Presented at LASCON 2014 by

If your organization or company was under attack at this very moment, would you know? If you are fortunate, your answer to that may be a very confident “YES!” Okay, are you confident you've caught every breach you've ever had in your company? Are there attackers still on your network right now? Is there malware sending data outside of your network? Do you know how to track down breaches, analyze them, and eradicate them? The answers to those questions tend to get a little weaker... It’s not an easy situation to have a complete handle on. In this talk we’d like to share our approaches for locating anomalous behavior on your network, zeroing in on that activity with certainty, capturing host images for analysis, and a number of other techniques for ultimately identifying malware and human hacker activity as it is happening right now. This session provides the experience of lifelong Red Team members as they turn their expertise towards Blue Team activities – if you want to know how to spot a hack in progress, come listen to specialists who know how to perform them, what they look like, and how attackers try to hide them.