SANS ISC: Diaries by Keyword

Date | Author | Title

INCIDENT RESPONSE TEAM

2012-04-23 | Russ McRee | Emergency Operations Centers & Security Incident Management: A Correlation
2011-03-25 | Kevin Liston | APT Tabletop Exercise
2010-01-22 | Mari Nichols | Pass-down for a Successful Incident Response

INCIDENT

2019-08-25 | Guy Bruneau | Are there any Advantages of Buying Cyber Security Insurance?
2017-12-05 | Tom Webb | IR using the Hive Project.
2017-09-17 | Guy Bruneau | rockNSM as a Incident Response Package
2017-06-17 | Guy Bruneau | Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2016-08-24 | Tom Webb | Stay on Track During IR
2015-12-04 | Tom Webb | Automating Phishing Analysis using BRO
2015-04-27 | Richard Porter | When Prevention Fails, Incident Response Begins
2015-03-07 | Guy Bruneau | Should it be Mandatory to have an Independent Security Audit after a Breach?
2014-12-24 | Rick Wanner | Incident Response at Sony
2014-09-12 | Chris Mohan | Are credential dumps worth reviewing?
2014-08-16 | Lenny Zeltser | Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-08-10 | Basil Alawi S.Taher | Incident Response with Triage-ir
2014-04-04 | Rob VandenBrink | Dealing with Disaster - A Short Malware Incident Response
2014-03-22 | Guy Bruneau | How the Compromise of a User Account Lead to a Spam Incident
2014-01-23 | Chris Mohan | Learning from the breaches that happens to others Part 2
2014-01-22 | Chris Mohan | Learning from the breaches that happens to others
2013-05-08 | Chris Mohan | Syria drops from Internet 7th May 2013
2013-03-02 | Scott Fendley | Evernote Security Issue
2012-12-13 | Johannes Ullrich | What if Tomorrow Was the Day?
2012-11-16 | Manuel Humberto Santander Pelaez | Information Security Incidents are now a concern for colombian government
2012-04-23 | Russ McRee | Emergency Operations Centers & Security Incident Management: A Correlation
2011-10-29 | Richard Porter | The Sub Critical Control? Evidence Collection
2011-10-28 | Russ McRee | Critical Control 19: Data Recovery Capability
2011-10-27 | Mark Baggett | Critical Control 18: Incident Response Capabilities
2011-09-13 | Swa Frantzen | GlobalSign back in operation
2011-07-25 | Chris Mohan | Monday morning incident handler practice
2011-07-09 | Chris Mohan | Safer Windows Incident Response
2011-06-03 | Guy Bruneau | SonyPictures Site Compromised
2011-04-25 | Rob VandenBrink | Sony PlayStation Network Outage - Day 5
2011-03-25 | Kevin Liston | APT Tabletop Exercise
2011-03-22 | Chris Mohan | Read only USB stick trick
2010-10-18 | Manuel Humberto Santander Pelaez | Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-09-04 | Kevin Liston | Investigating Malicious Website Reports
2010-08-04 | Tom Liston | Incident Reporting - Liston's "How-To" Guide
2010-03-21 | Chris Carboni | Responding To The Unexpected
2010-01-22 | Mari Nichols | Pass-down for a Successful Incident Response
2009-06-11 | Rick Wanner | MIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-05-01 | Adrien de Beaupre | Incident Management
2009-04-16 | Adrien de Beaupre | Incident Response vs. Incident Handling
2008-10-29 | Deborah Hale | Day 29 - Should I Switch Software Vendors?

RESPONSE

2019-08-25 | Guy Bruneau | Are there any Advantages of Buying Cyber Security Insurance?
2018-12-19 | Xavier Mertens | Using OSSEC Active-Response as a DFIR Framework
2017-12-05 | Tom Webb | IR using the Hive Project.
2017-09-17 | Guy Bruneau | rockNSM as a Incident Response Package
2017-06-17 | Guy Bruneau | Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2016-08-24 | Tom Webb | Stay on Track During IR
2016-02-11 | Tom Webb | Tomcat IR with XOR.DDoS
2015-03-07 | Guy Bruneau | Should it be Mandatory to have an Independent Security Audit after a Breach?
2014-12-24 | Rick Wanner | Incident Response at Sony
2014-12-01 | Guy Bruneau | Do you have a Data Breach Response Plan?
2014-04-04 | Rob VandenBrink | Dealing with Disaster - A Short Malware Incident Response
2014-01-23 | Chris Mohan | Learning from the breaches that happens to others Part 2
2014-01-22 | Chris Mohan | Learning from the breaches that happens to others
2013-10-05 | Richard Porter | Adobe Breach Notification, Notifications?
2013-03-18 | Kevin Shortt | Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
2013-03-02 | Scott Fendley | Evernote Security Issue
2012-11-16 | Manuel Humberto Santander Pelaez | Information Security Incidents are now a concern for colombian government
2012-04-23 | Russ McRee | Emergency Operations Centers & Security Incident Management: A Correlation
2011-10-28 | Russ McRee | Critical Control 19: Data Recovery Capability
2011-10-27 | Mark Baggett | Critical Control 18: Incident Response Capabilities
2011-07-25 | Chris Mohan | Monday morning incident handler practice
2011-07-09 | Chris Mohan | Safer Windows Incident Response
2011-04-25 | Rob VandenBrink | Sony PlayStation Network Outage - Day 5
2011-03-25 | Kevin Liston | APT Tabletop Exercise
2010-10-18 | Manuel Humberto Santander Pelaez | Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-09-04 | Kevin Liston | Investigating Malicious Website Reports
2010-03-25 | Kevin Liston | Responding to "Copyright Lawsuit filed against you"
2010-03-21 | Chris Carboni | Responding To The Unexpected
2010-01-22 | Mari Nichols | Pass-down for a Successful Incident Response
2009-06-11 | Rick Wanner | MIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-05-01 | Adrien de Beaupre | Incident Management
2009-04-16 | Adrien de Beaupre | Incident Response vs. Incident Handling

TEAM

2020-01-21 | Russ McRee | DeepBlueCLI: Powershell Threat Hunting
2019-11-29 | Russ McRee | ISC Snapshot: Search with SauronEye
2019-11-08 | Xavier Mertens | Microsoft Apps Diverted from Their Main Use
2019-10-06 | Russ McRee | visNetwork for Network Data
2019-08-21 | Russ McRee | KAPE: Kroll Artifact Parser and Extractor
2019-07-16 | Russ McRee | Commando VM: The Complete Mandiant Offensive VM
2019-04-05 | Russ McRee | Beagle: Graph transforms for DFIR data & logs
2019-02-05 | Rob VandenBrink | Mitigations against Mimikatz Style Attacks
2018-10-17 | Russ McRee | RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-06-16 | Russ McRee | Anomaly Detection & Threat Hunting with Anomalize
2012-04-23 | Russ McRee | Emergency Operations Centers & Security Incident Management: A Correlation
2011-03-25 | Kevin Liston | APT Tabletop Exercise
2010-01-22 | Mari Nichols | Pass-down for a Successful Incident Response
2010-01-14 | Bojan Zdrnja | DRG (Dragon Research Group) Distro available for general release
2009-03-22 | Mari Nichols | Dealing with Security Challenges