- How to Build a Phishing Playbook Part 1: Preparation
  Automating response to phishing attacks remains one of the core use cases of SOAR platforms. In 2022, the Anti-Phishing Working Group (APWG) logged ~4.7 million phishing…
- Implementing MITRE D3FEND for ATT&CK Technique T1110: Brute Force
  When account credentials are unknown, attackers may use a brute force attack in order to gain access. This can occur as an early stage of…
- Implementing MITRE D3FEND for ATT&CK Technique T1053: Scheduled Task/Job
  Scheduled task/job threats, which make up MITRE ATT&CK Technique T1053, can have severe implications for an organization’s security. MITRE also outlines how to address this…
- How to Automate Incident Response to MITRE ATT&CK Technique T1003: OS Credential Dumping
  In this blog post, we will outline four incident response playbooks for MITRE ATT&CK Technique T1003: OS Credential Dumping. Credential Dumping is a technique that…
- Playbook Breakdown: Cross-Stack Analysis with CrowdStrike, Zscaler, and Active Directory
  In this post, we explore how CrowdStrike, Zscaler, and Active Directory can be used in one playbook to investigate and respond to a remote file…