Category Archives: Incident Response

Talking about RFC 9424 – Indicators of Compromise (IoCs) and Their Role in Attack Defence

Discussing the newly published RFC 9424 and how IoCs can be used to build better defences, without relying on looking backwards.

Posted in Attack, Cyber, General, Hardening, Incident Response, Introduction, IoCs, Windows Forensics

PowerShell Basic Introduction (Security Version)

PowerShell has grown since its introduction in 2003 and implementation in Windows XP in 2006. What started as a closed source, proprietary upgrade to the Command Prompt has now grown into an open-source, resource rich Command Line Interface (CLI) and …

Posted in Incident Response, PowerShell, Preparation, Windows Forensics

Types of Threat – Explained

From a high level, what are the types or categories of threats faced by the Security professional? Let's go over some basics: Internal Authorised; Internal Unauthorised; Internal to External; External to Internal; External to External (new). The first 4 are …

Posted in Cyber, Forensic Readiness Plan, Incident Response, Preparation

Pass-the-hash Mitigation – Tip of the Day

I have been recently researching Pass the Hash mitigation techniques and I have found that there are the usual comments about not logging on to workstations with Admin accounts, ensuring your local admin accounts don't have the same password, ensuring …

Posted in Group Policy, Hardening, Incident Response, pass the hash, Pen Testing, Preparation, Research

Renaming a GRR Server & Client Configuration

Renaming the Server & Updating the Clients. Rather than rebuilding a new server for every deployment you may feel it is easier to build a clean virtual build and clone that for each customer. As such, renaming the VM would …

Posted in Google Rapid Response, GRR, Incident Response

Incident Response Process Phase 3 – Containment

First Steps. When moving into the containment phase an incident has already been declared. It is now time to categorise the incident and relay this to the customer/management. The categorisation or characterisation of the incident can be broken down into …

Posted in Containment, Incident Response

Incident Response Process Phase 2 – Identification

Identification. I was going to do another section on Preparation, but I realised I could continue with that until the end of days. So let's move on to Identification. How does the Identification phase start? There are a multitude of …

Posted in Cyber, Identification, Incident Response

Incident Response Process Phase 1 – Preparation

This phase is open-ended; you will always be tweaking and fiddling policies and technologies to make the environment as secure as you can. Just as you think it's fixed, a zero day comes along and ruins your picnic. So what …

Posted in Incident Response, Preparation

Incident Response Process

Today I am going to discuss the basics of an Incident Response process. I did not create this; I would love to give credit to those who did! There are other variations out there, however they all follow the basic …

Posted in Incident Response, Introduction