Ransomware incidents often follow a standard playbook that contains similar stuff to: AD Recon with PS - Cobalt Strike - SystemBC - Common tools such as AdFind, Mimikatz, PsExec, etc. 1/2 Tweet added by DebugPrivilege @DebugPrivilege

DebugPrivilege

2 years

Ransomware incidents often follow a standard playbook that contains similar stuff to: AD Recon with PS - Cobalt Strike - SystemBC - Common tools such as AdFind, Mimikatz, PsExec, etc. 1/2

HAMZA 🇲🇦 🇵🇸

@Cyb3rSn0rlax

2 years

@DebugPrivilege Key differences between responding to Ransomware incident and other types of impact?

1

0

7

4

24

156

Eric L.

@qc_sec

2 years

@DebugPrivilege Are you on holidays? 🙂

1

0

DebugPrivilege

@DebugPrivilege

2 years

@qc_sec Tomorrow 😅

0

2

Daniel Stefaniak [email protected]

@d0m3l

2 years

@DebugPrivilege have you tried PurpleKnight from @SemperisTech ? I played with it recently - it is awesome!

2

0

2

DebugPrivilege

@DebugPrivilege

2 years

@d0m3l @SemperisTech Yes, but what has this to do with it?

1

0

B^n

@bbenthbear

2 years

@DebugPrivilege If you're looking at TTPs, specifically, I think @kaspersky did a phenomenal job profiling the top 8 ransomware actors in the below report.

0

2

7

Zainul Abideen

@ZainulA40877140

2 years

@DebugPrivilege Put resources into incident response, instead of just prevention. Deliver easily actionable information and moving proactively and transparently to maintain trust is vital. Be prepared for responding to worst and don’t think about failures of catastrophic proportions.

0

Replies