Author: venkat

May 16, 2020

ICS SCADA Use cases

Attacks related to Industrial Control Systems are complex. There is an urgent need to share information, get support for incident analysis and mitigation, and coordinate messaging for incidents that require communication with customers and the public.

May 13, 2020

Playbook for wordpress related attacks

Several cybersecurity firms specialized in WordPress security products — such as Wordfence, WebARX, and NinTechNet — have reported on an ever-increasing number of attacks on WordPress sites. How do we contain the attacks?

May 8, 2020

Playbook for attack on Salt servers

The hackers use CVE-2020-11651 (an authentication bypass) and CVE-2020-11652 (a directory traversal) to take control over Salt master server Mitigations Consider taking down the related servers to investigate the incident and patch vulnerable servers. Patches for the Salt vulnerabilities have been released earlier this week. Salt servers should normally be deployed behind a firewall and not left exposed on the internet. SaltStack engineers patched these […]

April 25, 2020

Incident Response : Line of investigation

A typical incident could have multiple lines of investigation to get a clear understanding and scope of the attack. It is important to capture each of these train of thoughts or hypothesis. Zero day attacks are typical scenarios where multiple approaches with independent short teams need to be run in parallel. Standardized processes are not enough for responding to every security alert. Apart from running […]

April 24, 2020

Incident Response : Mitigation tasks library

The objective is to have a set of standard and common containment and mitigation tasks that gets applied during a response. While handling an adversary it helps to know what all steps we can possibly do and then accordingly take action based on which part of the kill chain the adversary is in. Mitigation tasks Tactical tasks https://atc-project.github.io/react-navigator/

April 24, 2020

Playbook for Maze Ransomware

You need to quickly contain the problem considering which part of kill chain your adversary is in. You to need contain and neutralize the impact of the incident by possibly shutting down specific services/servers/segments.

April 12, 2020

Playbook for Web Carding

Multiple payment authorization attempts used to verify the validity of bulk stolen payment card data.