Tag: incident-response
All the articles with the tag "incident-response".
-
Receiving a Responsible Disclosure: What Happens When a Researcher Finds Something First
An independent researcher found an open directory listing on one of our public-facing servers exposing archive files that had been sitting there since 2023. Here's how we handled it.
-
MFA Bypass via Push Fatigue: When the Second Factor Isn't Enough
A phishing campaign captured two sets of credentials and resulted in one full account breach with MFA bypass. Here's how it unfolded and what contained it.
-
PcClient.bal RAT Outbreak: Six Hosts, After-Hours Beaconing, and a Gap in Egress Policy
A single IDS alert turned into a six-host RAT cluster, all beaconing after hours on non-standard ports. The firewall didn't catch it. The IDS did.
-
Two C2 Cases, One Day: Reading the Difference Between Infected and Blocked
Two C2 investigations on the same day with very different outcomes — one confirmed infection with active beaconing, one clean block. The key was knowing what the firewall logs were actually telling me.