Chapter 8 - Clearing the Field

This chapter is about ending the conflict and remediating a compromise.

Topics

This chapter covers several topics such as:

  • Exfiltration with protocol tunneling
  • Using steganography in exfiltration
  • Public dump sites
  • Public anonymity networks
  • Private anonymity networks
  • Program security
  • Taking down infrastructure
  • Retiring tools and techniques
  • Fully scoping an intrusion
  • Containing the incident
  • Remediation activities
  • Post-mortem analysis
  • Publishing lessons learned
  • Forward looking activities

Images

The following are some images included in this chapter.

This image shows some considerations on when to respond to an incident. Image: "When should a defender respond"

This image shows what happens if a defender responds too soon, without fully scoping the incident. Image: "A defender responds without fully scoping the incident"

This last image shows how a defender can triage their entire fleet, quarantine hosts, and perform RCA strategically. Image: "A defender responds with scoping, quarantine, and RCA"