Counter APT Counter APT HUNT operations combine best of breed endpoint detection response technology with an experienced cadre of cybersecurity experts to provide clients with proactive incident response focused on gaining rapid visibility into customer networks to detemine adversary presence, scope and scale of an infection, and root cause analysis to move clients towards total threat remediation Combining years of Intelligence Community experience conducting offensive cyber operations against advanced threat actors, our experts understand and anticipate adversary behavior and tradecraft, providing a unique ability to predict and determine an attackers presence within a network and identify compromised hosts Adversary HUNT Pursue Operations Threat Baseline Assessments Incident Response and Digital Forensics

Concept of Operations HUNT Pursue Remediation Agent Deployment HUNT operators perform detection and analysis techniques to evaluate telemetry returned from customer endpoints to identify adversary presence and compromised assets HUNT Operators perform malware and forensic analysis to provide actionable intelligence and indicators of compromise to proesecute and remediate threats Agent Deployment Response Planning Indigenous endpoint detection response agents are deployed to customer endpoints to provide HUNT team with visibility into customer networks to determine adversary presence Our HUNT team members work with customer security staff to develop tailored response plans focused on protection of critical assets and holistic remediation 01. CONOP

Phase I: Predeployment Counter APT Concept of Operations Analysts deploy to customer site to develop an understanding of customer network enterprise environment, interview customer security team to gather context surrounding security incident, and determine connectivity requirements to prepare for agent deployment Phase will include malware analysis and reverse engineering of any known suspected malicious software samples and review of any known indicators or compromise related to intrusion Establish a plan of action and safe communications channels with customer team Identify critical assets and key cyber terrain as a function of customer business impact to prioritize actions and response strategy Develop detailed evaluation deployment plan Deliverables Provide customer with detailed agent deployment plan 02. Predeployment Phase

Phase II: Agent Deployment Counter APT Concept of Operations On-site analyst works with customer to deploy software agents and serves as an onsite point of contact for ensuring constant communication and interaction with customer security team Ensures secure communications with remote HUNT team Enables full HUNT support to enable timely and efficient prosecution of threats Duration 1 Day of onsite support, performed by one forward deployed analyst Deliverables Tailored communications channel for SNOW sensors to enable joint operational HUNT infrastructure access to SNOWBoard Analysis and Command and Control Interface 03. Agent Deployment

Phase III: HUNT & Remediation Counter APT Concept of Operations Remote HUNT operators actively HUNT in customer networks to determine adversary presence and determine the conditions for deliberate response in accordance with customer operating requirements Identified indicators of compromise and analyzed to identify compromised hosts and determine scope and scale of infection A response plan is developed for remediating including root cause analysis of intrusion to provide a path to infection by the adversary and recommendations for mitigating security vulnerabilities Duration Approximately five days, performed by one onsite analyst in addition to remote HUNT operators Deliverables Detection reporting Response Plans Post-Operation Remediation Support 04. HUNT and Response Actions

Pricing Incident Response & HUNT (USD) Incident Response (Remote HUNT) | $200/hr Incident Response (Urgent Onsite Support) | $280/hr Incident Response (Nonurgent Onsite Support) | $240/hr Travel | $100/hr Pricing Incident Response & HUNT (USD)