Questions tagged [incident-response]
The art of responding to incidents in an organized and thoughtful manner.
213 questions
Preventing Unauthorized Public Exposure of Repositories
1 vote, 1 answer, 47 views
Recently, a developer accidentally made a private repository public, which contained secret keys. Although a third-party application promptly flagged and rotated the exposed credentials, the ...
Security Incident Response Tracking [closed]
1 vote, 0 answers, 76 views
Besides Security IR tracking & workflow that is available in SIEM platforms, what are other tools that can do this such as standalone products like ServiceNow SIR or Everbridge xmatters? I found ...
How to monitor for vulnerabilities across your company stack?
1 vote, 2 answers, 151 views
Let's say a software company XYZ is using a variety of 3rd party vendors - as an example, it could use:
Lastpass as a company password manager;
Azure B2C as the authentication framework for the ...
Someone unknown accessed my server via ssh, what steps can I follow to learn more?
0 votes, 1 answer, 261 views
First I will admit this machine isn't particularly well secured. It has an ssh port open to the internet, it accepts password login, its OS and packages are not particularly up to date. I know many ...
If a ransomware is currently encrypting my files, should I power off my computer?
14 votes, 1 answer, 3k views
I wondered what to do if there is a currently ongoing ransomware execution on my computer.
Assuming that I'm "spotting" it while it is encrypting my files, should I power my computer off?
I ...
Is someone accessing my win10 computer?
1 vote, 0 answers, 135 views
I have been wondering if someone is accessing my system and, after using some basic assessment tools like netstat and event viewer, found some unusual open ports (12345) and special Logon! below ...
Is Handbook for CSIRTs still relevant learning material today?
1 vote, 0 answers, 71 views
The question is pretty self-explanatory. Is this book relevant today considering it has been published some time ago? If anyone has read it could you answer what are some things that have changed and ...
BPFDoor injection point and containment
2 votes, 0 answers, 82 views
How to determine the BPFDoor entry point? I used the following link to detect it on the host: https://blog.qualys.com/vulnerabilities-threat-research/2022/08/01/heres-a-simple-script-to-detect-the-stealthy-nation-...
Acceptably resolving a serious vulnerability disclosure
4 votes, 2 answers, 2k views
Hypothetical scenario:
An organisation with users who rely on the service's zero knowledge cryptography has a vulnerability disclosure made to it from a research institution.
There are multiple ...
Windows 10 Cybersecurity on Stand-Alone Computer
0 votes, 0 answers, 95 views
I have been asked to investigate what capabilities exist within Windows 10 where the environment for this system is isolated. I believe it would not be able to benefit from an enterprise security ...
What should I do after an attempted Mozi attack?
0 votes, 0 answers, 781 views
I was testing a small webpage using Django's built-in server. The webpage simply shows the IP of the visitor of the webpage, and prints the IP address in the terminal. The server is hosted on an Ubuntu ...
Security Tools - File Encryption vs Corruption
0 votes, 1 answer, 201 views
When security tools quarantine files, why do they tend to use encryption, rather than simple file corruption?
The main goal of quarantining a file is to make it impossible to run on a system. This ...
What is the difference between a SOC and a CSIRT?
2 votes, 1 answer, 300 views
So, from a summary of what I have found on the internet,
a SOC collects information and the CSIRT makes conclusions based on that info.
However, from what I see in labs/challenges websites like ...
Which key questions to ask while vetting an incident response company?
0 votes, 1 answer, 145 views
If I ever suspect a security incident exceeding internal capacity & skill sets, my plan calls for outside professionals. In choosing a specific company, I expect to expose the company to these ...
Clonezilla for forensic disk image
1 vote, 2 answers, 1k views
I was wondering if it's reasonable and forensically correct to use Clonezilla for the image of an attacked machine.
Since some of the commercial products are very expensive I'm turning to open source ...