April 24, 2020

Playbook for Maze Ransomware

You need to contain the problem quickly, considering which phase of the kill chain your adversary is in. You need to contain and neutralize the impact of the incident, possibly by shutting down specific services, servers or network segments.

April 12, 2020

Playbooks for video conferencing app attacks

With the rush to Working From Home, organizations are overwhelmed with employees using video conferencing technologies, from Slack, Skype and Discord to GoToMeeting, Zoom and Webex. What are your security teams supposed to do when incidents like the Fairfax school one strike? Do they have the basic steps and a planned approach to handle such events? On this page we cover the top tips to analyze and mitigate/contain/remediate […]

April 6, 2020

Playbook for Phishing

If short on time, jump directly to the playbooks section. Summary: Any attempt to compromise a system and/or steal information by tricking a user into responding to a malicious message. The most common phishing attacks involve emails armed with malware hidden in attachments or links to infected websites, although phishing can also be conducted via other methods such as voicemail, text messages and social media. […]

May 10, 2021

Software Supply chain Playbook

If short on time, jump directly to the playbooks section. Here we talk about how a supply chain attack can be mitigated in general. A specific use case is the SolarWinds supply chain attack – Link. It is important for an organisation to have an inventory of all the software the company uses, with licenses and versions. Know what are the most important business […]

December 24, 2020

SolarWinds Sunburst Incident Response Playbook

If short on time, jump directly to the playbooks section. It is key to follow new reports continuously, as newer discoveries and developments are still happening; be sure to check article timestamps. https://us-cert.cisa.gov/ncas/alerts/aa20-352a https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html https://github.com/fireeye/sunburst_countermeasures Volexity blog – Link. The SolarWinds supply chain attacks are sophisticated in execution, broad in scope, and incredibly potent in their effectiveness. “SUNBURST is the malware that was distributed through SolarWinds […]

November 13, 2020

Incident response lessons learnt on ground

Our approach – reuse as much operational knowledge as possible from peers who have already handled attacks. Most of them are kind enough to help you, provided you ask. Below is a series of learnings shared by companies that have handled major incidents, which others can take as actionable items. Toll Group – sincere thanks to Diana Peh. The logistics giant was first hit by […]

November 13, 2020

SOAR playbooks designed on kanban boards

First – we complement a SOAR solution. Our approach is to first design all your playbooks on Kanban boards, know the tasks well, profile them and run them manually. Then selectively move to automation using your chosen SOAR solution. Advantages: easy for analysts to quickly build the playbooks in a simple visual interface; easy for analysts to remember the tasks and build the muscle memory required during […]

August 26, 2020

Defending the Online Education Sector

Other names for the sector – e-learning, online learning, Edtech. With a major shift to virtual classrooms, Edtech startup companies present a significant target for cyber criminals. As more students get connected to the Internet, the threat has never been greater. Cyber attacks continue to plague the education sector, and they are only intensifying. The consequences can be devastating and long lasting. Hackers are probably […]

August 19, 2020

Online education platform threats and mitigations

The rapid shift to online learning brought about by the pandemic is all but guaranteed to increase the threats these platforms face and the incidents they will experience. Typical users of online learning platforms – students, lecturers or teachers. Typical types: online training with content; online training delivered by trainers; large educational institutes going online; a platform for educators and learners with educators creating educational videos […]

July 1, 2020

Incident Response – Training, Blue team exercise and Muscle Memory.

FIRST.org recommends this: take a scenario that affected another organization and perform a table-top walk-through of how your organization would deal with that same incident. At the very least you will identify gaps you still have to address. Exercises should be regular and involve a range of participants. It is important that the senior members of an organization (right up to senior executive management) as well […]

June 30, 2020

SoC SIEM Use Cases

The use cases are critical to identifying the early, middle and end stage operations of the actors. A small abnormal event can be a clue to a larger adversarial attack. For effective adoption, the use cases need to be mapped to the kill chain phases so you know how far the adversary has progressed toward its objective. An appropriate severity should also be assigned. Tagging […]