Category: Incident Response

April 25, 2020

Incident Response : Line of investigation

A typical incident could have multiple lines of investigation to get a clear understanding and scope of the attack. It is important to capture each of these train of thoughts or hypothesis. Zero day attacks are typical scenarios where multiple approaches with independent short teams need to be run in parallel. Standardized processes are not enough for responding to every security alert. Apart from running […]

April 24, 2020

Incident Response : Mitigation tasks library

The objective is to have a set of standard and common containment and mitigation tasks that gets applied during a response. While handling an adversary it helps to know what all steps we can possibly do and then accordingly take action based on which part of the kill chain the adversary is in. Mitigation tasks Tactical tasks https://atc-project.github.io/react-navigator/