Ryan Naraine
"While conducting a postmortem review of the Asnarök attack, [Sophos] built a specialized kernel implant to deploy to devices that Sophos had high confidence were controlled by groups conducting malicious exploit research. The tool allowed for remote file and log collection