GSPBC-1017 - Credential Access - Password Spraying

Uploaded by

Faty Diop

0% found this document useful (0 votes)

2 views1 page

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pdf or txt

0% found this document useful (0 votes)

2 views1 page

GSPBC-1017 - Credential Access - Password Spraying

Uploaded by

Faty Diop

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pdf or txt

Jump to Page

You are on page 1of 1

Search inside document

CIRT Playbook Battle Card: GSPBC-1017 - Credential Access - Password Spraying

(P) Preparation (I) Identification (C) Containment

1. Patch asset vulnerabilities 1. Monitor for: 1. Inventory (enumerate & assess)
2. Perform routine inspections of controls/weapons a. Failed login attempts for default and common account names 2. Detect | Deny | Disrupt | Degrade | Deceive | Destroy
3. Ensure that workstations and servers are logging to a central b. Failed login attempts for the same account across multiple 3. Observe -> Orient -> Decide -> Act
location systems 4. Review logs to determine if the attacker successfully logged in to
4. Verify that authentication attempts to systems and applications are c. Failed login attempts to multiple systems from the same source any accounts
being logged 2. Investigate and clear ALL alerts associated with the impacted 5. Lock any compromised accounts
5. Set up network segmentation and firewalls to limit access to assets 6. Issue perimeter enforcement for known threat actor locations
systems and services
6. Make use of multi-factor authentication
7. Establish and enforce a secure password policy

(E) Eradication (R) Recovery (L) Lessons/Opportunities

1. Close the attack vector 1. Restore to the RPO within the RTO 1. Perform routine cyber hygiene due diligence
2. Reset the credentials of any compromised accounts 2. Resolve any related security incidents 2. Engage external cybersecurity-as-a-service providers and
3. Inspect any potentially compromised assets 3. Address collateral damage response professionals

References:
1. MITRE ATT&CK Technique T1110 Sub-technique 003:
https://attack.mitre.org/techniques/T1110/003/
2. NIST Digital Identity Guidelines: https://pages.nist.gov/800-63-
3/sp800-63-3.html
3. Microsoft Password Guidance: https://www.microsoft.com/en-
us/research/wp-
content/uploads/2016/06/Microsoft_Password_Guidance-1.pdf

Resources:
➔ GuardSight GSVSOC Incident Response Plan: https://github.com/guardsight/gsvsoc_cybersecurity-incident-response-plan
➔ IT Disaster Recovery Planning: https://www.ready.gov/it-disaster-recovery-plan
➔ Report Cybercrime: https://www.ic3.gov/Home/FAQ

Business Email Compromise Response Playbook
Document7 pages
Business Email Compromise Response Playbook
Frank Gulmayo
No ratings yet
Erica Jury Duty
Document1 page
Erica Jury Duty
kboudyyo
No ratings yet
Cyber Ark NIST
Document14 pages
Cyber Ark NIST
vqbhanu
50% (2)
Report
Document17 pages
Report
Jay Soni
No ratings yet
The Certified Ethical Hacker Exam - version 8 (The concise study guide)
From Everand
The Certified Ethical Hacker Exam - version 8 (The concise study guide)
alasdair gilchrist
Rating: 3 out of 5 stars
3/5 (9)
Warpaint 23 Fairey Gannet
Document46 pages
Warpaint 23 Fairey Gannet
Raul Garcia
100% (14)
GSPBC-1032 - Resource Development - Compromise Accounts
Document1 page
GSPBC-1032 - Resource Development - Compromise Accounts
Faty Diop
No ratings yet
GSPBC-1003 - Exfiltration - Automated Exfiltration - Data Theft
Document1 page
GSPBC-1003 - Exfiltration - Automated Exfiltration - Data Theft
Faty Diop
No ratings yet
Malware Outbreak Response Playbook
Document6 pages
Malware Outbreak Response Playbook
Frank Gulmayo
No ratings yet
GSPBC-1069 - Command and Control - Communication Through Removable Media
Document1 page
GSPBC-1069 - Command and Control - Communication Through Removable Media
Faty Diop
No ratings yet
Ransomware Response Playbook
Document6 pages
Ransomware Response Playbook
Frank Gulmayo
No ratings yet
Brochure MTCP v4 200221
Document3 pages
Brochure MTCP v4 200221
Md Ariful Islam
No ratings yet
Declaration of Cyber Advisory
Document5 pages
Declaration of Cyber Advisory
deeptanwar1997
No ratings yet
Web Application Compromise Response Playbook
Document7 pages
Web Application Compromise Response Playbook
Frank Gulmayo
No ratings yet
Lec 2017 OwaspTop10-2017-revisited
Document22 pages
Lec 2017 OwaspTop10-2017-revisited
fogoyo1348
No ratings yet
Web Security (CAT-309) - Unit 1 Lecture 1
Document10 pages
Web Security (CAT-309) - Unit 1 Lecture 1
20BCA1382 GYAN VARDHAN
No ratings yet
SIC Micro
Document8 pages
SIC Micro
Hatim Kanchwala
No ratings yet
Devops Security Checklist
Document14 pages
Devops Security Checklist
Natalie Penso
100% (2)
Ecommerce and Web Security (Cber 705) : Assignment # 1
Document5 pages
Ecommerce and Web Security (Cber 705) : Assignment # 1
Mohit Sangwan
No ratings yet
SY0-601問題集、CompTIA実際の試験問題 - 模擬練習
Document24 pages
SY0-601問題集、CompTIA実際の試験問題 - 模擬練習
Vipul Goyal
No ratings yet
Application Security Checklist
Document7 pages
Application Security Checklist
memorybanda2
No ratings yet
Secure Coding Quick Reference-Version1b
Document11 pages
Secure Coding Quick Reference-Version1b
Jagdish annaya
No ratings yet
Web Application Security: ISACA Bangalore Chapter Aug 2007 Runa Dwibedi
Document49 pages
Web Application Security: ISACA Bangalore Chapter Aug 2007 Runa Dwibedi
Akki ash
No ratings yet
Web Application Security: ISACA Bangalore Chapter Aug 2007 Runa Dwibedi
Document49 pages
Web Application Security: ISACA Bangalore Chapter Aug 2007 Runa Dwibedi
Akki ash
No ratings yet
Hackplanet Certified Metasploit Expert - Metasploit Training
Document4 pages
Hackplanet Certified Metasploit Expert - Metasploit Training
Shubham Mittal
No ratings yet
Top 12 Security Information Analyst Interview Questions
Document4 pages
Top 12 Security Information Analyst Interview Questions
Tarik A R Biswas
No ratings yet
Assessment Report:: Web Application Penetration Test Web Application Penetration Test
Document41 pages
Assessment Report:: Web Application Penetration Test Web Application Penetration Test
hieplee
No ratings yet
my cs205
Document13 pages
my cs205
bc230430699ana
No ratings yet
Complete Guide To Enterprise Container Security: Released: February 20, 2018
Document24 pages
Complete Guide To Enterprise Container Security: Released: February 20, 2018
Victor
No ratings yet
Cert-In: Web Server Security Guidelines
Document22 pages
Cert-In: Web Server Security Guidelines
Ravikar Shyam
No ratings yet
Red Team Training
Document16 pages
Red Team Training
Fernando da Costa Correa
No ratings yet
Security and Risk Management - 2021.txt-p
Document43 pages
Security and Risk Management - 2021.txt-p
Abdi Mohamed
No ratings yet
(OLD) WP - Protecting Against Scanners and Crackers
Document10 pages
(OLD) WP - Protecting Against Scanners and Crackers
ichilov
No ratings yet
CSE3502-Information Security Management Digital Assignment-2 Audit Report
Document13 pages
CSE3502-Information Security Management Digital Assignment-2 Audit Report
Shadow
No ratings yet
Paper 11
Document5 pages
Paper 11
mihirinsta8
No ratings yet
Assessment
Document50 pages
Assessment
Pham Dinh Chung
No ratings yet
Business Email Compromise IR Guide
Document40 pages
Business Email Compromise IR Guide
harrykelvin10
No ratings yet
Hackplanet Certified Metasploit Expert
Document4 pages
Hackplanet Certified Metasploit Expert
shubham6957
No ratings yet
Ppars2 Security (Pci Comp)
Document7 pages
Ppars2 Security (Pci Comp)
Alex Piasetskiy
No ratings yet
Database Security Lab Manual
Document65 pages
Database Security Lab Manual
Akhilesh [MAVIS] Pokale
No ratings yet
Red Team Operation Course (Online)
Document16 pages
Red Team Operation Course (Online)
fabrice Konan
No ratings yet
Cissp: The 8 Domains of CISSP
Document52 pages
Cissp: The 8 Domains of CISSP
Lacky Krishnan
No ratings yet
OWASP - API Testing
Document17 pages
OWASP - API Testing
ahsanofficial237
No ratings yet
Infrastructure Tracks
Document8 pages
Infrastructure Tracks
abdlwhapahmed12
No ratings yet
CompTIA Premium SY0-401 v2016-04-11 by VCEplus 200q1752q
Document150 pages
CompTIA Premium SY0-401 v2016-04-11 by VCEplus 200q1752q
Akanksha Verma
No ratings yet
FALLSEM2022-23 CSE3501 ETH VL2022230103462 CAT-2 QP KEY F1 Slot - QP - Answer Key
Document2 pages
FALLSEM2022-23 CSE3501 ETH VL2022230103462 CAT-2 QP KEY F1 Slot - QP - Answer Key
Mohammed Muazz Zuberi
No ratings yet
Cybersecurity Best Practices For Python Web Applications
Document25 pages
Cybersecurity Best Practices For Python Web Applications
Abu Rayhan
No ratings yet
Incident Response Playbooks 1687937708
Document21 pages
Incident Response Playbooks 1687937708
mac
No ratings yet
CCNA Cyber Ops (Version 1.1) - Chapter 10 Exam Answers Full
Document13 pages
CCNA Cyber Ops (Version 1.1) - Chapter 10 Exam Answers Full
Saber Tunisien
No ratings yet
Module 1 Topic 2 Designing A Framework For Designing and Implementing Security
Document4 pages
Module 1 Topic 2 Designing A Framework For Designing and Implementing Security
Ciara Afable
No ratings yet
Ilovepdf Merged (7) Merged
Document139 pages
Ilovepdf Merged (7) Merged
diplomadostha
No ratings yet
BCA VI Sem Network Management and Security
Document30 pages
BCA VI Sem Network Management and Security
Richa
No ratings yet
Reporte LabM3 EMayorgaV
Document14 pages
Reporte LabM3 EMayorgaV
Elias Goodman
No ratings yet
Assessment of Open Source Web Application Security Scanners
Document8 pages
Assessment of Open Source Web Application Security Scanners
aylinduba
No ratings yet
PEN-200 Lab Report
Document8 pages
PEN-200 Lab Report
Silver Uchiha
No ratings yet
Honeypots: Seminar Report On
Document23 pages
Honeypots: Seminar Report On
Kiran Rekhi
No ratings yet
Lesson 3 Information Systems Security Management
Document6 pages
Lesson 3 Information Systems Security Management
kariukipoly
No ratings yet
Securing SQL Server: DBAs Defending the Database
From Everand
Securing SQL Server: DBAs Defending the Database
Peter A. Carter
No ratings yet
Post-Silicon Validation and Debug
From Everand
Post-Silicon Validation and Debug
Prabhat Mishra
No ratings yet
Network Security Traceback Attack and React in the United States Department of Defense Network
From Everand
Network Security Traceback Attack and React in the United States Department of Defense Network
Edmond K. Machie
No ratings yet
Basic Setup of FortiGate Firewall
From Everand
Basic Setup of FortiGate Firewall
Dr. Hidaia Mahmood Alassoulii
No ratings yet
Learn Penetration Testing with Python 3.x: Perform Offensive Pentesting and Prepare Red Teaming to Prevent Network Attacks and Web Vulnerabilities (English Edition)
From Everand
Learn Penetration Testing with Python 3.x: Perform Offensive Pentesting and Prepare Red Teaming to Prevent Network Attacks and Web Vulnerabilities (English Edition)
Yehia Elghaly
Rating: 5 out of 5 stars
5/5 (1)
Country Profile United Kingdom
Document5 pages
Country Profile United Kingdom
wickerette
No ratings yet
Cash Voucher
Document1 page
Cash Voucher
abhishek200918177825
No ratings yet
BTS Bible Verses 2021 - Ƒ
Document1 page
BTS Bible Verses 2021 - Ƒ
Russiel Dagohoy
No ratings yet
Your Body Your Choice
Document10 pages
Your Body Your Choice
api-519452875
No ratings yet
David v. Arroyo GR No. 171396
Document2 pages
David v. Arroyo GR No. 171396
Jel Aboga
No ratings yet
WWW - Redbus.in Print Control Page
Document1 page
WWW - Redbus.in Print Control Page
Venu Gopal
No ratings yet
Martin Luter King Speech
Document2 pages
Martin Luter King Speech
Ssss Fra
No ratings yet
Occult Odds & Ends: Aquila Ponticus
Document2 pages
Occult Odds & Ends: Aquila Ponticus
Adam
No ratings yet
Imperialism Adapted DBQ
Document5 pages
Imperialism Adapted DBQ
api-504357783
No ratings yet
The Nature and Dimensions of Conflict
Document31 pages
The Nature and Dimensions of Conflict
Lancelot Nyamaka
No ratings yet
Mark Anthony Cato v. Immigration and Naturalization Service, 84 F.3d 597, 2d Cir. (1996)
Document7 pages
Mark Anthony Cato v. Immigration and Naturalization Service, 84 F.3d 597, 2d Cir. (1996)
Scribd Government Docs
No ratings yet
Pointer Journal - Vol 36 No. 3-4. Should The Armed Force Be Employed To Fight The War or Win The Peace - A Look at The Military's Involvement in HADR
Document10 pages
Pointer Journal - Vol 36 No. 3-4. Should The Armed Force Be Employed To Fight The War or Win The Peace - A Look at The Military's Involvement in HADR
Xiaohei Tay
No ratings yet
Agenda of The Bottomless Pit Nazi Plan
Document14 pages
Agenda of The Bottomless Pit Nazi Plan
Frank Nic. Bazsika
No ratings yet
Brochure CICM 2020
Document5 pages
Brochure CICM 2020
Asif Mostafa Anik
No ratings yet
Akkamma Cherian Was An Indian Independence Activist
Document4 pages
Akkamma Cherian Was An Indian Independence Activist
manu,bc
No ratings yet
Engineer Ali Mirza of Jhelum and His Conspiracy in Support of Mirzais and Nusairiah, Refuting Engineer Ali Mirza of Jhelu
Document9 pages
Engineer Ali Mirza of Jhelum and His Conspiracy in Support of Mirzais and Nusairiah, Refuting Engineer Ali Mirza of Jhelu
AHLUSSUNNAHVSALIMIRZA
No ratings yet
Midnights Children Salman Rushdie Reading Guide
Document3 pages
Midnights Children Salman Rushdie Reading Guide
april rose quibuyen
No ratings yet
People V Wagas
Document1 page
People V Wagas
Mosarah Alt
No ratings yet
Customer Enrollment Form For HC Consumer Finance Philippines Inc. Customers
Document3 pages
Customer Enrollment Form For HC Consumer Finance Philippines Inc. Customers
Dessa Palomo
No ratings yet
6-People Vs Arevalo
Document50 pages
6-People Vs Arevalo
Lexter Cruz
No ratings yet
Section 13
Document5 pages
Section 13
Neha Singh
No ratings yet
Valdez Vs Dabon (775 SCRA 1)
Document36 pages
Valdez Vs Dabon (775 SCRA 1)
Mark Gabriel B. Maranga
No ratings yet
15 Days Analytical Traning Centre Shedule
Document1 page
15 Days Analytical Traning Centre Shedule
Tejas Shirsath
No ratings yet
Election Law 1st Batch Cases
Document8 pages
Election Law 1st Batch Cases
Darlene Ganub
No ratings yet
National Capital Region
Document28 pages
National Capital Region
Wayna Aya Songday
No ratings yet
Coastwise Lighterage Corporation v. CA
Document1 page
Coastwise Lighterage Corporation v. CA
Anonymous 5MiN6I78I0
No ratings yet
Introduction To Criminal Justice
Document48 pages
Introduction To Criminal Justice
Jennifer Dominick
100% (1)
Grade 6 - My Family and Other Globalizers
Document3 pages
Grade 6 - My Family and Other Globalizers
Jairo Cacho
No ratings yet