Ciberesponce
Tagged

Containment

A collection of 3 posts

Detecting Lateral Movement with Windows Event IDs
Containment

How can you use PowerShell and Event IDs to detect the most important events you need to be aware of and respond to?

Andrew Harris Oct 6, 2021 • 6 min read
A primer on SAML, Golden SAML, Sunburst
Identity

How the adversary steamrolled customers on-premises, and their cloud, bypassing MFA, and the facts on how we got here and why Microsoft was an enabler of the whole thing

Andrew Harris Jun 25, 2021 • 5 min read
A necessary component to any Cyber Incident Response: Containment
Incident Response

Incident Response and Containment: Anyone who does Incident Response (IR), or any Digital Forensics Incident Response (DFIR) process, knows that collecting Indicators of Compromise (IOC) is only half the story. Eventually, you’ll need to recover the environment, which inherently means you best have confidence in the IOCs and have a

Andrew Harris Dec 19, 2020 • 4 min read
Ciberesponce © 2022