Category: General

A visually easy Incident Response Playbook to defend against cyber attacks related to current Geo-Political conflict – https://board.flexibleir.com/b/Pijsre9DwPMtSgBNY/templatenistv01 The current conflicts could increase the number of cyberattacks. Organizations could be directly targeted or be collateral victims in most cases.  GOAL: Every organization — large and small — must be prepared to respond to disruptive cyber activity. 

If short on time directly jump to the playbooks section. It is key to follow new reports continuously as newer discoveries and developments are happening. Ensure to see article time stamps. Quick SANS video – https://www.youtube.com/watch?v=oC2PZB5D3Ys Playbook Mitigations Apply Patch Log4j versions upgraded to log4j-2.15.0-rc1. Test first on non-production systems. In case not able to apply the patch For version >=2.10: set log4j2.formatMsgNoLookups to true.  […]

If short on time directly jump to the playbooks section. Here we talk about how a Supply chain attack can be mitigated in general. A specific use case will be the SolarWinds supply chain attack – Link and the log4j vulnerabilities – Link It is important for an organization to have a list of all the software the company uses, their licenses and versions Know […]

If short on time directly jump to the playbooks section. It is key to follow new reports continuously as newer discoveries and developments are happening. Ensure to see article time stamps. https://us-cert.cisa.gov/ncas/alerts/aa20-352a https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html https://github.com/fireeye/sunburst_countermeasures Volexity blog – Link The SolarWinds supply chain attacks are sophisticated in execution, broad in scope, and incredibly potent in their effectiveness. “SUNBURST is the malware that was distributed through SolarWinds […]

Our approach – Reuse as much operational knowledge gained by your peers who have already handled attacks. Most of them are kind enough to help you provided you ask. Below are a series of learning’s shared by companies who have handled major incidents and which others can take as actionable items. Toll group Sincere thanks to Diana Peh. The logistics giant was first hit by […]

First – We compliment a SOAR solution. Our approach is to first design all your playbooks on Kanban boards, know the tasks well, profile them and run them manually. Then selectively move to automation using your selected SOAR solution. Advantages Easy for analysts to quickly build the playbooks in simple visual interface. Easy for analysts to remember the tasks and build muscle memory required during […]

The rapid shift to online learning brought about by the pandemic is all but guaranteed to increase the threats they are facing and incidents they will experience. Typical users of online learning platforms – students, lecturers or teachers. Typical types Online training with content. Online training by trainers Large educational institutes – Going online. A platform for educators and learners with educators creating educational videos […]

The use cases are critical to identifying any of the early, middle, and end-stage operations of the adversary. A small abnormal event can be a clue to a larger attack. There also needs to be a Playbook on how to respond. What are Use Cases A use case can be technical rules or condition applied on logs which are ingested into the SIEM. Eg – […]