Defensive Edge: Adapting Red Team Hardware for IR

- Posted in Incident Response by
Background: Red team specialists often use specialized hardware during operations. However, don't worry—this hardware isn't exclusive to red teams. Incident responders can also use some of this hardware [...]

Investigating Malicious Activity in WSL Environments

- Posted in Threat Analyze by
Background: Some XDR and EDR solutions are not effective when dealing with threats hidden inside WSL. In certain cases, it can also be challenging for digital forensic specialists to detect threats [...]

Essential Data Acquisition and Digital Forensics for Incident Responders

- Posted in Incident Response by
Background: In a previous article, we discussed the method for creating a USB flash drive to acquire forensic images. In this article, I'll explain how to leverage the previously created tool during [...]

Communicating Incident Response: A Reporting Framework for the C-Suite

- Posted in Incident Response by
Background: Incident response is divided into two parts: hands-on activities and management activities. We have discussed hands-on activities extensively. However, if we want to present the activity [...]

The Invisible Threat: How to Detect Physical Keystroke Injection Implants

- Posted in Threat Analyze by
Background: In today's cybersecurity landscape, there are many attack types. One of them is hardware-based, which can be leveraged by threat actors to connect special keystroke injection devices into [...]

Decrypting Hope: Strategies for Recovery from Ransomware Encryption

- Posted in Incident Response by
Background: Sometimes, during incidents involving ransomware-related threat actors, the investigation into the recovery process can reveal solutions closer than you might think. It’s important to [...]

A Holistic Approach to Organizational Incident Response Design: Integrating People, Process, and Technology

- Posted in Incident Response by
Background: When an incident occurs in your environment, you should be prepared to respond effectively from the perspectives of people, processes, and technologies. Proper preparation ensures a [...]

Navigating Incident Response When Logs Are Missing

- Posted in Incident Response by
Background: In incident response log collection, you might encounter situations where EDR/XDR solutions or log collectors are not present on a machine. Additionally, some syslogs might be missing. [...]

Mitigating Cloud Risks: Simple Steps to Prevent Incidents

- Posted in Hardenings by
Background: Based on well-known practices and yearly reviews over the infosec industry channels, a significant part of incidents occurring in the cloud are primarily caused by misconfigurations of [...]

Challenges of Digital Drives: Footprint Integrity and Binary View During Incident Response Log Collection

- Posted in Incident Response by
Background: In one of our previous articles, I've introduced the process of preparing a USB drive/tool for forensic analysis. Now, it is time to delve one level deeper and explore the key points that [...]