FlexibleIR in association with DSCI and CERT India has created a unique Ransomware Rapid Response 2-day Bootcamp program. Tens of organisations are better prepared for a crisis!. Here we conduct drills and build Playbooks to ensure the organization is prepared technically and from the management perspective too. Key points on the BootCamp1. BYOP – Build your own visual playbooks for Rapid Response and compare them […]

A visually easy Incident Response Playbook to defend against cyber attacks related to current Geo-Political conflict – https://board.flexibleir.com/b/Pijsre9DwPMtSgBNY/templatenistv01 The current conflicts could increase the number of cyberattacks. Organizations could be directly targeted or be collateral victims in most cases.  GOAL: Every organization — large and small — must be prepared to respond to disruptive cyber activity. 

If short on time directly jump to the playbooks section. It is key to follow new reports continuously as newer discoveries and developments are happening. Ensure to see article time stamps. Quick SANS video – https://www.youtube.com/watch?v=oC2PZB5D3Ys Playbook Mitigations Apply Patch Log4j versions upgraded to log4j-2.15.0-rc1. Test first on non-production systems. In case not able to apply the patch For version >=2.10: set log4j2.formatMsgNoLookups to true.  […]

If short on time directly jump to the playbooks section. Here we talk about how a Supply chain attack can be mitigated in general. A specific use case will be the SolarWinds supply chain attack – Link and the log4j vulnerabilities – Link It is important for an organization to have a list of all the software the company uses, their licenses and versions Know […]

If short on time directly jump to the playbooks section. It is key to follow new reports continuously as newer discoveries and developments are happening. Ensure to see article time stamps. https://us-cert.cisa.gov/ncas/alerts/aa20-352a https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html https://github.com/fireeye/sunburst_countermeasures Volexity blog – Link The SolarWinds supply chain attacks are sophisticated in execution, broad in scope, and incredibly potent in their effectiveness. “SUNBURST is the malware that was distributed through SolarWinds […]

First – We compliment a SOAR solution. Our approach is to first design all your playbooks on Kanban boards, know the tasks well, profile them and run them manually. Then selectively move to automation using your selected SOAR solution. Advantages Playbook development workflow Below is a proposed workflow of a Playbook as we have observed working with enterprises and critical infrastructure companies