seongmin-jeong@home:~$

  • Awesome csirt

    CSIRT *Please contribute through pull requests- ;) Another great list: awesome-incident-response Books Nice list here by Cert.BR Practical Cryptography for Developers, github The Book of Secret Knowledge Security Engineering — Third Edition The Cyber Plumber’s Handbook Links FIRST Malware Analysis Resources Cert.BR - useful links 7º Fórum Brasileiro de CSIRTs...

  • Incident Response

    What is incident response? Incident response is an approach to managing a security incident process. An incident response plan is needed to approach security incidents systematically. A successful incident response plan includes the following 6 stages: 1- Preparation 2- Identification 3- Scope 4- Eradication 5- Recovery 6- Lessons Learned 1-...

  • Holygh0st

    title: North Korean Threat Actors uses New H0lyGh0st Ransomware [CVE-2022-26352] (via process_creation)
    description: This rule detects suspicious schtask.exe activity during the attack.
    author: Aytek Aytemur
    references:
      - https://www.microsoft.com/security/blog/2022/07/14/north-korean-threat-actor-targets-small-and-midsize-businesses-with-h0lygh0st-ransomware/
    status: stable
    tags:
      - attack.t1053
      - attack.execution
    logsource:
      product: windows
      category: process_creation
    detection:
      selection:
        CommandLine|contains|all:
          - '/create'
          - '/tn'
          - 'lockertask'
      condition: selection
    falsepositives:
      - unknown
    level: high
    id:...