Author: venkat

Venkat is founder of FlexibleIR. He brings 20 years of experience in building tools and products at Sun Microsystems, Intel, Novell, HP, Yahoo,Tesco and startups. He has developed test suites and frameworks for post silicon validation of the Xeon processor family (Fuzzing). He has worked deeply on UFS files system at SUN Microsystem. Was a security paranoid at Yahoo.
Incident Response
April 25, 2020

Incident Response : Line of investigation

A typical incident could have multiple lines of investigation to get a clear understanding and scope of the attack. It is important to capture each of these train of thoughts or hypothesis. Zero day attacks are typical scenarios where multiple approaches with independent short teams need to be run in parallel. Standardized processes are not enough for responding to every security alert. Apart from running […]

Incident Response
April 24, 2020

Incident Response : Mitigation tasks library

The objective is to have a set of standard and common containment and mitigation tasks that gets applied during a response. While handling an adversary it helps to know what all steps we can possibly do and then accordingly take action based on which part of the kill chain the adversary is in. Reasoning – The adversary keeps changing their tactics and techniques. They have […]

maze-ransomware
General
April 24, 2020

Playbook for Maze Ransomware

You need to quickly contain the problem considering which part of kill chain your adversary is in. You to need contain and neutralize the impact of the incident by possibly shutting down specific services/servers/segments.

web-carding
Web
April 12, 2020

Playbook for Web Carding

Multiple payment authorization attempts used to verify the validity of bulk stolen payment card data.

web_ad
Cloud General
April 12, 2020

Playbook for Web Ad Fraud

False clicks and fraudulent display of web-placed advertisements Description Lists of full credit and/or debit card data are tested against a merchant’s payment processes to identify valid card details. The quality of stolen data is often unknown, and Carding is used to identify good data of higher value. Payment cardholder data may have been stolen from another application, stolen from a different payment channel, or […]

General
April 12, 2020

Playbook for social engineering

Social engineering is one of the hardest form of attack to defend against because hardware and software alone can’t stop it. How to we mitigate these attacks?

malicious-traffic
Network Operations
April 9, 2020

Playbook for Malicious Network Behavior: Malicious Traffic

Alerts are generated when something suspicious is seen by one of the Network monitoring devices. Network Security Tools:IDS (Intrusion Detection System)IPS (Intrusion Prevention System)DLP (Data Loss Prevention)SIEM (Security Incident and Event Management)NBAD (Network Behavior Anomaly Detection) Playbook Mitigation https://cert.societegenerale.com/resources/files/IRM-5-Malicious-Network-Behaviour.pdf References

General
April 9, 2020

Playbook for Insider Threat

Insider threats are growing and are very complex to handle as it needs to be worked outvery closely with a lot of stakeholders including the human resource department.