SynAc
Tag

Incident Response

Triage, containment, recovery, and forensics.

  1. account recovery (/term/account-recovery)

    The ability to regain ownership of a subscriber account and its associated information and privileges.

  2. Availability (/term/availability)

    Availability is the property that systems and data are accessible and usable when needed.

  3. Email Collection (/term/email-collection)

    Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Emails may also contain details of ongoing incident response operations, which may allow adversaries to adjust their techniques in order to maintain persistence or evade defenses.(Citation: TrustedSec OOB Communications)(Citation: CISA AA20 352A 2021) Adversaries can collect or forward email from mail servers or clients.

  4. Windows Management Instrumentation (/term/windows-management-instrumentation)

    Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is designed for programmers and is the infrastructure for management data and operations on Windows systems.(Citation: WMI 1 3) WMI is an administration feature that provides a uniform environment to access Windows system components.