In the first half of 2026, the SOC of one of our customers discovered odd user behaviour on a sensitive server and started to investigate. That investigation lead to investigation of a authentication bypass and eventually a sophisticated and persistent attack of an edge device (F5) and the services offered though it. In this session we will explain the details tof he attack(s), how we (the MSP, the customer and the NCSC) mounted our response and what you can learn from this.
