GSPBC-1069 - Command and Control - Communication Through Removable Media

Uploaded by

Faty Diop

0% found this document useful (0 votes)

1 views1 page

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pdf or txt

0% found this document useful (0 votes)

1 views1 page

GSPBC-1069 - Command and Control - Communication Through Removable Media

Uploaded by

Faty Diop

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pdf or txt

Jump to Page

You are on page 1of 1

Search inside document

CIRT Playbook Battle Card: GSPBC-1069 - Command and Control - Communication Through Removable Media

(P) Preparation (I) Identification (C) Containment

1. Patch asset vulnerabilities 1. Monitor for: 1. Inventory (enumerate & assess)
2. Perform routine inspections of controls/weapons a. unexpected file access on removable media [4] 2. Detect | Deny | Disrupt | Degrade | Deceive | Destroy
3. Maintain Antivirus/EDR application updates b. newly executed processes when removable media is mounted [5] 3. Observe -> Orient -> Decide -> Act
4. Create network segmentation 2. Investigate and clear ALL alerts associated with the impacted assets or accounts 4. Issue perimeter enforcement for known threat actor locations
5. Log traffic between network segments 3. Routinely check firewall, IDS, IPS, and SIEM logs for any unusual activity 5. Archive scanning related artifacts such as IP addresses, user agents, and requests
6. Incorporate threat intelligence 6. Determine the source and pathway of the attack
7. Perform routine inspections of asset backups 7. Fortify non-impacted critical assets
8. Conduct user security awareness training 8. Disable Internet access if an asset is suspected of C2 communication [1]
9. Conduct response training (this PBC)
10. Disable Autoruns if not needed [2]
11. Set policies to restrict the use of removable media at an organization level [3]

(E) Eradication (R) Recovery (L) Lessons/Opportunities

1. Close the attack vector by applying the Preparation steps listed above 1. Restore to the RPO (Recovery Point Objective) within the RTO (Recovery Time 1. Perform routine cyber hygiene due diligence
2. Perform endpoint/AV scans on targeted systems Objective) 2. Engage external cybersecurity-as-a-service providers and response professionals
3. Reset any compromised passwords 2. Address any collateral damage by assessing exposed technologies 3. Implement policy changes to reduce future risk
4. Inspect ALL assets and user activity for IOC consistent with the attack profile 3. Resolve any related security incidents 4. Utilize newly obtained threat signatures
5. Inspect backups for IOC consistent with the attack profile PRIOR to system recovery 4. Restore affected systems to their last clean backup 5. Remember that data and events should not be viewed in isolation but as part of a
6. Patch asset vulnerabilities chain of behavior that could lead to other activities

References:
1. https://attack.mitre.org/techniques/T1092/
2. https://attack.mitre.org/mitigations/M1042/
3. https://attack.mitre.org/mitigations/M1028/
4. https://attack.mitre.org/datasources/DS0016/#Drive%20Access
5. https://attack.mitre.org/datasources/DS0016/#Drive%20Creation

2021 Oct
Document64 pages
2021 Oct
Ahm Ferdous
100% (1)
VWT Magazine - June 2022
Document102 pages
VWT Magazine - June 2022
MtDaniel Acosta
No ratings yet
CEH Notes 1634542632
Document208 pages
CEH Notes 1634542632
ajai.a
No ratings yet
Anon Guide
Document16 pages
Anon Guide
rahmaniqbal
No ratings yet
GSPBC-1032 - Resource Development - Compromise Accounts
Document1 page
GSPBC-1032 - Resource Development - Compromise Accounts
Faty Diop
No ratings yet
GSPBC-1003 - Exfiltration - Automated Exfiltration - Data Theft
Document1 page
GSPBC-1003 - Exfiltration - Automated Exfiltration - Data Theft
Faty Diop
No ratings yet
Malware Outbreak Response Playbook
Document6 pages
Malware Outbreak Response Playbook
Frank Gulmayo
No ratings yet
Security Part I Auditing Operating Systems and Networks
Document35 pages
Security Part I Auditing Operating Systems and Networks
Robert Castillo
No ratings yet
Ransomware Response Playbook
Document6 pages
Ransomware Response Playbook
Frank Gulmayo
No ratings yet
Management Information Systems
Document9 pages
Management Information Systems
cyrus
No ratings yet
GSPBC-1017 - Credential Access - Password Spraying
Document1 page
GSPBC-1017 - Credential Access - Password Spraying
Faty Diop
No ratings yet
Digital Security
Document21 pages
Digital Security
Krishna Nayak
No ratings yet
CyberScurity Training
Document3 pages
CyberScurity Training
jobtimeseo
No ratings yet
Section 5: Incident Response: 1. Topic 1 Event Vs Incident
Document7 pages
Section 5: Incident Response: 1. Topic 1 Event Vs Incident
fadhil
No ratings yet
Comprehensive Lab
Document32 pages
Comprehensive Lab
Sudharsan Bala
No ratings yet
Approaches To Cybercrime and Espionage.
Document9 pages
Approaches To Cybercrime and Espionage.
Aisha Ahmed
No ratings yet
Module 1 Topic 2 Designing A Framework For Designing and Implementing Security
Document4 pages
Module 1 Topic 2 Designing A Framework For Designing and Implementing Security
Ciara Afable
No ratings yet
Android Hacking in Kali Linux Using Metasploit Fra
Document8 pages
Android Hacking in Kali Linux Using Metasploit Fra
malikale
No ratings yet
Week6 KillChain
Document17 pages
Week6 KillChain
Frozone
No ratings yet
Cissp: The 8 Domains of CISSP
Document52 pages
Cissp: The 8 Domains of CISSP
Lacky Krishnan
No ratings yet
DIT1243 Tutorial 11
Document4 pages
DIT1243 Tutorial 11
Cathay Wong
No ratings yet
Red Team Training
Document16 pages
Red Team Training
Fernando da Costa Correa
No ratings yet
Roles - CERT in
Document1 page
Roles - CERT in
api-27477209
No ratings yet
Novel Implementation of Hybrid Rootkit: 2. Algorithm 2.1 Reverse Connection
Document6 pages
Novel Implementation of Hybrid Rootkit: 2. Algorithm 2.1 Reverse Connection
International Journal Of Emerging Technology and Computer Science
No ratings yet
Interview Questions 2
Document5 pages
Interview Questions 2
Ayesh Hosh
No ratings yet
Nischita Paudel N4 Week-6
Document14 pages
Nischita Paudel N4 Week-6
Nissita Pdl
No ratings yet
Ccna Security Ch1 Networking Security Concepts
Document10 pages
Ccna Security Ch1 Networking Security Concepts
florinn81
No ratings yet
Footprinting and Scanning
Document16 pages
Footprinting and Scanning
crispin quadros
No ratings yet
2018 Paula Januszkiewicz Hacking and Securing Windows Infrastructure
Document3 pages
2018 Paula Januszkiewicz Hacking and Securing Windows Infrastructure
Nagaraj KT
No ratings yet
Red Team Operations
Document16 pages
Red Team Operations
andreyaguiaraze
No ratings yet
Cia Part 3 - Study Unit 11 IT Security and Application Development Core Concepts
Document3 pages
Cia Part 3 - Study Unit 11 IT Security and Application Development Core Concepts
floricelfloricel
No ratings yet
Ch14 QuizSoln
Document3 pages
Ch14 QuizSoln
هارون المقطري
No ratings yet
Unit 2 Notes
Document18 pages
Unit 2 Notes
Divya Darsini
No ratings yet
Paper 11
Document5 pages
Paper 11
mihirinsta8
No ratings yet
Incident
Document13 pages
Incident
nagarjuna
No ratings yet
CH 01
Document24 pages
CH 01
Nam Nguyen
No ratings yet
Advanced Penetration Testing Glossary 2
Document4 pages
Advanced Penetration Testing Glossary 2
Hosny ipsec
No ratings yet
Advanced Penetration Testing Glossary 2
Document4 pages
Advanced Penetration Testing Glossary 2
Jhon Na
No ratings yet
Chapter 7
Document4 pages
Chapter 7
VENICE HOSMILLO
No ratings yet
Seletar Spirit - CyberSecurity JHA
Document5 pages
Seletar Spirit - CyberSecurity JHA
Romit Gupta
No ratings yet
Cyber Security 2
Document6 pages
Cyber Security 2
Harshita Sharma
No ratings yet
Cybersecurity Checklist 190228
Document2 pages
Cybersecurity Checklist 190228
Śàmï Böÿ
No ratings yet
CH01 CompSec4e
Document20 pages
CH01 CompSec4e
jffd
No ratings yet
108 Gbram
Document11 pages
108 Gbram
Rohit Ghanekar
No ratings yet
Chapter 3: Tools and Methods Used in Cybercrime
Document34 pages
Chapter 3: Tools and Methods Used in Cybercrime
Narasimha Murthy
No ratings yet
Comparative Study of IP Traceback System
Document7 pages
Comparative Study of IP Traceback System
abdrheemsultan
No ratings yet
Chapter 1 2022
Document60 pages
Chapter 1 2022
Nasis Dereje
No ratings yet
Vulnerability Assessment and Penetration Testing PDF
Document6 pages
Vulnerability Assessment and Penetration Testing PDF
proftechitspecialist
No ratings yet
Chapter 5
Document66 pages
Chapter 5
Imran Farhan
No ratings yet
Experiment No. 1: A.1 Aim
Document7 pages
Experiment No. 1: A.1 Aim
asdfgh
No ratings yet
Fortisandbox: Broad Coverage of The Attack Surface With Security Fabric
Document6 pages
Fortisandbox: Broad Coverage of The Attack Surface With Security Fabric
Wilson Yecit Ortiz
No ratings yet
1.4.1.1 Lab - Researching Network Attacks and Security Audit Tools
Document4 pages
1.4.1.1 Lab - Researching Network Attacks and Security Audit Tools
Jordan Tobing
No ratings yet
Threat and Vulnerability Management Policy
Document12 pages
Threat and Vulnerability Management Policy
madhwarajganguli
100% (1)
STIX 2.0 Model and Patterns: Applying API Economy To Cybersecurity
Document60 pages
STIX 2.0 Model and Patterns: Applying API Economy To Cybersecurity
euryjose
No ratings yet
Ieee Journal Detecting
Document14 pages
Ieee Journal Detecting
Syams Fathur
No ratings yet
Cyber Security: Mrs. V. Nikitha
Document78 pages
Cyber Security: Mrs. V. Nikitha
nikitha veeramalla
No ratings yet
Assignment 1
Document19 pages
Assignment 1
thazni kassim
No ratings yet
CCNA Cyber Ops v1.1
Document200 pages
CCNA Cyber Ops v1.1
loffy hacker
No ratings yet
Operation Wocao: Shining A Light On One of China's Hidden Hacking Groups
Document41 pages
Operation Wocao: Shining A Light On One of China's Hidden Hacking Groups
Sheloq
No ratings yet
Information Security
Document12 pages
Information Security
Iqra Razaq
No ratings yet
Brochure MTCP v4 200221
Document3 pages
Brochure MTCP v4 200221
Md Ariful Islam
No ratings yet
Lab 1 - Researching Network Attacks and Security Audit Tools
Document5 pages
Lab 1 - Researching Network Attacks and Security Audit Tools
Jood salem
No ratings yet
Network Security Traceback Attack and React in the United States Department of Defense Network
From Everand
Network Security Traceback Attack and React in the United States Department of Defense Network
Edmond K. Machie
No ratings yet
W6!7!304E Skin-Pass Mills References
Document36 pages
W6!7!304E Skin-Pass Mills References
dorin serban
No ratings yet
Suffix Array
Document71 pages
Suffix Array
Khoi Nguyen
No ratings yet
Alternative Asswssment
Document9 pages
Alternative Asswssment
hind
No ratings yet
Statellite Communication Notes
Document50 pages
Statellite Communication Notes
sathish14singh
No ratings yet
STD: Xii Preliminary Examination MARKS: 70 DATE: - / - / - Chemistry Duration: 3 HR General Instructions
Document3 pages
STD: Xii Preliminary Examination MARKS: 70 DATE: - / - / - Chemistry Duration: 3 HR General Instructions
Aniket Saini
No ratings yet
Comed Eva-Hf325 Hf525 Ver.2.0 Generator Xray Machine
Document23 pages
Comed Eva-Hf325 Hf525 Ver.2.0 Generator Xray Machine
Abu Bakr M. Saeed
No ratings yet
Sakshi Mathur HR
Document2 pages
Sakshi Mathur HR
sakshimathur
No ratings yet
Melt Pressure Transmitters Ke Series Performance Level C': Output 4... 20ma
Document6 pages
Melt Pressure Transmitters Ke Series Performance Level C': Output 4... 20ma
edgar covarrubias
No ratings yet
Asian Methodology
Document5 pages
Asian Methodology
Joyce l. Gaytos
No ratings yet
Dalton Delivery Service - W Union BLVD Tanker Accident
Document2 pages
Dalton Delivery Service - W Union BLVD Tanker Accident
Julian Abraham
No ratings yet
Nozag Spindels Systemkatalog 2015 e
Document160 pages
Nozag Spindels Systemkatalog 2015 e
Ruben Pauwels
No ratings yet
Toyota Training Automatic Transmission Basics
Document20 pages
Toyota Training Automatic Transmission Basics
norman
100% (41)
ISQua White Paper PCC-from-theory-to-practice 2022-10-7
Document54 pages
ISQua White Paper PCC-from-theory-to-practice 2022-10-7
yudha tama
No ratings yet
Allweiler SN Series PDF
Document12 pages
Allweiler SN Series PDF
jorge
No ratings yet
Deed of Donation Template
Document2 pages
Deed of Donation Template
Ce Jey
No ratings yet
Lecture 7 (Two Sample Tests)
Document28 pages
Lecture 7 (Two Sample Tests)
Carlene Ugay
No ratings yet
A Major ResearchProposal Group4 BSN3D v1.0 20210117
Document23 pages
A Major ResearchProposal Group4 BSN3D v1.0 20210117
Iosif Cade
No ratings yet
Bibliografia - Metodologia Agil
Document2 pages
Bibliografia - Metodologia Agil
Jane DD
No ratings yet
Suggestions For The Written Exam Essay Translation Math For The Post of Assistant Director of Bangladesh Bank
Document3 pages
Suggestions For The Written Exam Essay Translation Math For The Post of Assistant Director of Bangladesh Bank
Marzan Bin Azad
No ratings yet
List of Public Information Officers For Punjab Transparency and Right To Information ACT 2013
Document41 pages
List of Public Information Officers For Punjab Transparency and Right To Information ACT 2013
arhijazi
No ratings yet
Partnership Exercise 2
Document5 pages
Partnership Exercise 2
nik
No ratings yet
938F Wheel Loader 7SN00001-UP (MACHINE) POWERED BY 3116 Engine (SEBP2374 - 53) - Sistemas y Componentes
Document15 pages
938F Wheel Loader 7SN00001-UP (MACHINE) POWERED BY 3116 Engine (SEBP2374 - 53) - Sistemas y Componentes
Carlos Andres Campos Torres
No ratings yet
??? Chris "The Legend" Sain - Journey To $100k
Document9 pages
??? Chris "The Legend" Sain - Journey To $100k
engkj
No ratings yet
Gcos 227 en
Document62 pages
Gcos 227 en
najibnja
No ratings yet
Application New Broadband
Document2 pages
Application New Broadband
Mithun Murali
No ratings yet
Critical Lift Plan Form - Sa 9644 Rev.01
Document1 page
Critical Lift Plan Form - Sa 9644 Rev.01
Anuraj
0% (1)
New Explanatory Model For Policy Analysis and Evaluation
Document35 pages
New Explanatory Model For Policy Analysis and Evaluation
Mar J C-m
No ratings yet