Incident Response

All the technical implementations related to incident response

Risky NPM Package (Agentic AI assistant)

Background: Because the saga of AI and agentic clients continues, organizations can be put at risk since threat actors may target such solutions. This has prompted an effort to understand what is [...]

Simple Methods to Spot Disabled Antivirus (Windows Defender) on Windows Systems

Background: During incident response, it's not always the case that advanced, highly sophisticated AV bypass techniques are used. Sometimes, attackers rely on simple, out-of-the-box methods to [...]

Wild Exploits, Missing Logs: Docker Incident Response Without SIEM Visibility

Background: Sometimes, when dealing with incidents, there can be situations where logs are not available—especially in cases involving containers that were downloaded from Docker Hub. For example, [...]

Agentic AI challenges in IDE: Forensic and extraction of traces PART 3

Background: In our latest research related to forensic traces left by IDEs, let's look into the Cursor AI IDE. Traces: As in our previous research, we saw that some of its components rely on VS Code. [...]

Agentic AI challenges in IDE: Forensic and extraction of traces PART 2

Background: As we continue our research around agentic IDEs which can leave traces, because at some IR stages you need to deal with such things—especially when an engineer's machine was involved in [...]

Agentic AI challenges in IDE: Forensic and extraction of traces PART 1

Background: With the rise of AI companions and agentic features in popular IDEs, these tools can now execute commands with user consent. This presents new challenges for digital forensic specialists, [...]

Hunting for Threats in the Dark: Leverage AI Technology to Support Your Investigation

Background: Threat actors have been leveraging AI in their attacks for some time now. Through searching for answers on how we as IR specialists can stand against this threat, I have come to a simple [...]

Crafting and Case Study of Cost-Effective Universal Hardware Toolkits for specific IR cases

Background: In the incident response discipline, it is often necessary to carry hardware in our bags that can make daily tasks more manageable. In our previous articles, we discussed how to leverage [...]

Defensive Edge: Adapting Red Team Hardware for IR

Background: Red team specialists often use specialized hardware during operations. However, don't worry—this hardware isn't exclusive to red teams. Incident responders can also use some of this hardware [...]

Cross-Linux Distro Forensic Data Collection Techniques for IR

Background: One of the IR stages is the "collection" stage, which occurs between containment and analysis. We sometimes need to collect evidence from Kubernetes pods or Docker containers, which can [...]