Threat Hunting Playbook

When it comes to incident response, it is a race against the clock. The more time an attacker spends inside your network, the bigger the damage to your business can be. What can isolate and eradicate threats before it gets too late is an effective incident response – which is a combination of automation and […]

Command-and-Control Malware Response Playbook

Introduction

Malicious actors operate command-and-control (C&C/C2) servers to interact with their victims’ computers. These C2 servers are intended to instruct the compromised PCs to do undesired things, such as stealing the user’s passwords, encrypting the files for ransom or attacking other computers on the network. One of the major threats today, ransomware (Cryptolocker, Locky, Petya), […]

Ransomware Playbook

Ransomware Playbook for Managing Infections

The following post demonstrates the writing process of a ransomware playbook for effective incident response and handling ransomware infections. Ransomware is a variation of malicious software that encrypts the victim’s files without any consent, then demands a ransom in exchange for the decryption keys. This is a lucrative, multi-million-dollar business model, which […]