#incident response

3 posts tagged incident response.

DFIR 14 May 2024

Anatomy of a ransomware breach: from one exposed RDP port to domain-wide encryption in 72 hours

A sanitized DFIR debrief of a ransomware intrusion at a large Indian manufacturer. We reconstruct the timeline from a misconfigured firewall rule and a brute-forced RDP login through Mimikatz, AV removal, PsExec lateral movement, and full-estate encryption — and the anti-forensics that nearly erased the trail.

By Cyberange DFIR Team

DFIR 14 Apr 2022

Just a marketing website: how a neglected WordPress site became a path to Domain Admin

It came in as a spam complaint. It ended at a forgotten brochure website wired into the company's domain controller, with the Domain Admin password sitting in a script on someone's desktop. A story about the assets nobody thinks are worth attacking.

By Cyberange DFIR Team

DFIR 26 May 2026

The CERT-In six-hour window: what your DFIR runbook needs to say

CERT-In Direction 70B (April 2022) requires reporting of certain cyber incidents within six hours of detection. A practical breakdown of what the clock actually measures, what your runbook needs to include, and where most organisations get the timeline wrong.

By Cyberange DFIR Consulting