Month: April 2020

April 25, 2020

Incident Response : Line of investigation

A typical incident could have multiple lines of investigation to get a clear understanding and scope of the attack. It is important to capture each of these train of thoughts or hypothesis. Zero day attacks are typical scenarios where multiple approaches with independent short teams need to be run in parallel. Standardized processes are not enough for responding to every security alert. Apart from running […]

April 24, 2020

Incident Response : Mitigation tasks library

The objective is to have a set of standard and common containment and mitigation tasks that gets applied during a response. While handling an adversary it helps to know what all steps we can possibly do and then accordingly take action based on which part of the kill chain the adversary is in. Mitigation tasks Tactical tasks https://atc-project.github.io/react-navigator/

April 24, 2020

Playbook for Maze Ransomware

You need to quickly contain the problem considering which part of kill chain your adversary is in. You to need contain and neutralize the impact of the incident by possibly shutting down specific services/servers/segments.

April 14, 2020

Playbook for SQL injection

A SQL injection attack exploits vulnerabilities in input validation to run arbitrary commands in the database. It can occur when your application uses input to construct dynamic SQL statements to access the database. It can also occur if your code uses stored procedures that are passed strings that contain unfiltered user input. Using the SQL injection attack, the attacker can execute arbitrary commands in the […]

April 12, 2020

Playbook for Web Carding

Multiple payment authorization attempts used to verify the validity of bulk stolen payment card data.

April 12, 2020

Playbook for Web Ad Fraud

False clicks and fraudulent display of web-placed advertisements Description Lists of full credit and/or debit card data are tested against a merchant’s payment processes to identify valid card details. The quality of stolen data is often unknown, and Carding is used to identify good data of higher value. Payment cardholder data may have been stolen from another application, stolen from a different payment channel, or […]

April 12, 2020

Playbooks for video conferencing app attacks

With the rush for Working From Home, organizations are overwhelmed with employees using video conferencing technologies, from Slack, Skype and Discord to GoToMeeting, Zoom and Webex. What are your security teams supposed to do when incidents like Fairfax school strike? Do they have the basic steps and planned approach to handle the events?. In this page we cover the top tips to analyze and mitigate/contain/remediate […]