Incident Response

Incident Response

18 bookmarks
Custom sorting
The Key to Identify PsExec - AboutDFIR - The Definitive Compendium Project
The Key to Identify PsExec - AboutDFIR - The Definitive Compendium Project
In one way or another, PsExec - a wildly popular remote administration tool in the Microsoft SysInternals Suite, peeks its head in the wild. Threat actors tend to leverage PsExec for various reasons such as executing programs on a remote host in a victim’s environment or for more nefarious reasons such as deploying ransomware. The focus of this blog is to bring attention to a relatively new method in identifying the source host in which PsExec was executed from. This is something that has caught my attention on a few IR engagements that I have worked on recently. Huge shoutout to Joseph Ziemba for first bringing this to my attention on one of our ransomware engagements we worked on together at KPMG.
·aboutdfir.com·
The Key to Identify PsExec - AboutDFIR - The Definitive Compendium Project
tclahr/uac: UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
tclahr/uac: UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler...
·github.com·
tclahr/uac: UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
The RULER Project
The RULER Project
The Really Useful Logging and Event Repository Project
·ruler-project.github.io·
The RULER Project
UncoderIO/Uncoder_IO: An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.
UncoderIO/Uncoder_IO: An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.
An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy. - GitHub - UncoderIO/Uncoder_IO: An IDE and translation engine for detection e...
·github.com·
UncoderIO/Uncoder_IO: An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.
google/grr
google/grr
GRR Rapid Response: remote live forensics for incident response
·github.com·
google/grr
LetsDefend/incident-response-playbooks
LetsDefend/incident-response-playbooks
Contribute to LetsDefend/incident-response-playbooks development by creating an account on GitHub.
·github.com·
LetsDefend/incident-response-playbooks
0x4D31/detection-and-response-pipeline: ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective threat detection and response pipelines. 👷 🏗
0x4D31/detection-and-response-pipeline: ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective threat detection and response pipelines. 👷 🏗
✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective...
·github.com·
0x4D31/detection-and-response-pipeline: ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective threat detection and response pipelines. 👷 🏗
DFIR triage and Timeline Analysis
DFIR triage and Timeline Analysis
During incident response, it is essential to establish a full context around the time of alert or when suspicious activity was identified…
·medium.com·
DFIR triage and Timeline Analysis