home.social

#incidnetresponse — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #incidnetresponse, aggregated by home.social.

  1. New from the Gooses. A hopefully straight forward vibe coded incident response use case playbook action tracker with a incident view to follow action items through a live incident, written by RootxOver. More to come.

    Article:

    Not Another (Incident Response) Framework blog.grumpygoose.io/not-anothe

    Tool:

    rootxover.github.io/IR-REACT/

    #grumpygoose #IncidnetResponse #ggl #ir

  2. New from the Gooses. A hopefully straight forward vibe coded incident response use case playbook action tracker with a incident view to follow action items through a live incident, written by RootxOver. More to come.

    Article:

    Not Another (Incident Response) Framework blog.grumpygoose.io/not-anothe

    Tool:

    rootxover.github.io/IR-REACT/

    #grumpygoose #IncidnetResponse #ggl #ir

  3. first gig back at work has widespread malware delivered to endpoints via security tooling. This one is after the incident so not a problem to investigate, a previous one though had the Threat Actor using MDE to undo containments and deploy malware live during the IR 🫠 Any fleet management software, be it RMM or security tooling, can give a TA as much control of the organisation as the admins #IncidnetResponse #dfir

  4. first gig back at work has widespread malware delivered to endpoints via security tooling. This one is after the incident so not a problem to investigate, a previous one though had the Threat Actor using MDE to undo containments and deploy malware live during the IR 🫠 Any fleet management software, be it RMM or security tooling, can give a TA as much control of the organisation as the admins #IncidnetResponse #dfir

  5. first gig back at work has widespread malware delivered to endpoints via security tooling. This one is after the incident so not a problem to investigate, a previous one though had the Threat Actor using MDE to undo containments and deploy malware live during the IR 🫠 Any fleet management software, be it RMM or security tooling, can give a TA as much control of the organisation as the admins #IncidnetResponse #dfir

  6. first gig back at work has widespread malware delivered to endpoints via security tooling. This one is after the incident so not a problem to investigate, a previous one though had the Threat Actor using MDE to undo containments and deploy malware live during the IR 🫠 Any fleet management software, be it RMM or security tooling, can give a TA as much control of the organisation as the admins #IncidnetResponse #dfir

  7. first gig back at work has widespread malware delivered to endpoints via security tooling. This one is after the incident so not a problem to investigate, a previous one though had the Threat Actor using MDE to undo containments and deploy malware live during the IR 🫠 Any fleet management software, be it RMM or security tooling, can give a TA as much control of the organisation as the admins #IncidnetResponse #dfir

  8. When you need to capture a #BitLocker driver you might be able to sniff the key from the TPM.

    Take a look at the full video on this process. It contains some great research & simple hardware he built for it.
    youtu.be/wTl4vEednkQ

    #DFIR #IncidnetResponse #DiskForensics

  9. When you need to capture a #BitLocker driver you might be able to sniff the key from the TPM.

    Take a look at the full video on this process. It contains some great research & simple hardware he built for it.
    youtu.be/wTl4vEednkQ

    #DFIR #IncidnetResponse #DiskForensics

  10. When you need to capture a #BitLocker driver you might be able to sniff the key from the TPM.

    Take a look at the full video on this process. It contains some great research & simple hardware he built for it.
    youtu.be/wTl4vEednkQ

    #DFIR #IncidnetResponse #DiskForensics

  11. When you need to capture a #BitLocker driver you might be able to sniff the key from the TPM.

    Take a look at the full video on this process. It contains some great research & simple hardware he built for it.
    youtu.be/wTl4vEednkQ

    #DFIR #IncidnetResponse #DiskForensics

  12. When you need to capture a #BitLocker driver you might be able to sniff the key from the TPM.

    Take a look at the full video on this process. It contains some great research & simple hardware he built for it.
    youtu.be/wTl4vEednkQ

    #DFIR #IncidnetResponse #DiskForensics