This repository contains structured and actionable security incident response playbooks developed for realistic scenarios in modern enterprise environments. Each playbook outlines key roles, tools, procedures, and post-incident activities based on NIST 800-61 standards and blue team best practices.
1. playbooks/
| Incident Type | Description |
|---|---|
| Hashed Passwords Theft | Response plan for stolen backup tapes containing sensitive hashed passwords (`/etc/passwd`, `/etc/shadow`). Focuses on containment, forensics, and recovery in Linux environments. |
| Rogue Wireless Access Point | Incident response for an unauthorized AP detected within a corporate office. Covers identification, physical and network containment, and mitigation against lateral movement. |
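For the hashed-password-theft scenario, the recovery step a responder needs first is a list of which accounts actually had their hash on the stolen tape and which of those should be rotated first. The script below is an added example, not code from this repository's playbooks; it assumes the standard shadow(5) line layout (`user:hash:lastchg:min:max:warn:inactive:expire:flag`, with `lastchg` in days since 1970-01-01) and the crypt(5) hash prefixes, and the shadow entries it audits are constructed.

```python
"""Post-theft audit of a Linux /etc/shadow dump (added example, not from the playbooks).

Assumes the shadow(5) field layout and crypt(5) hash prefixes; sample entries are constructed.
"""
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)

# Constructed sample entries (fake users, fake hashes). Field 3 is days since 1970-01-01.
SAMPLE_SHADOW = """\
root:$6$c0nstructed$notarealhash:19700:0:99999:7:::
alice:$y$j9T$c0nstructed$notarealhash:19800:0:99999:7:::
bob:$1$legacy$notarealhash:18500:0:99999:7:::
svc_backup:$5$c0nstructed$notarealhash:19650:0:99999:7:::
daemon:*:18000:0:99999:7:::
carol:!:19000:0:99999:7:::
"""

# crypt(5) hash prefixes -> algorithm name.
ALGORITHMS = {"$1$": "md5", "$5$": "sha256", "$6$": "sha512", "$y$": "yescrypt", "$2b$": "bcrypt"}
# Cheap-to-crack algorithms: accounts using them go to the front of the rotation queue.
WEAK_ALGORITHMS = {"md5"}


def days_to_date(days):
    """Convert a shadow 'lastchg' day count to a calendar date."""
    return EPOCH + timedelta(days=days)


def classify_hash(field):
    """Map the password field to 'locked', 'empty', an algorithm name, or 'unknown'."""
    if field == "":
        return "empty"          # no password at all: anyone can log in
    if field.startswith(("!", "*")):
        return "locked"         # no usable hash was on the tape
    for prefix, name in ALGORITHMS.items():
        if field.startswith(prefix):
            return name
    return "unknown"


def parse_shadow(text):
    """Parse shadow lines into dicts of user, hash algorithm and last-change date."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            continue            # malformed line: skip rather than guess
        user, pw_field, lastchg = fields[0], fields[1], fields[2]
        last_change = days_to_date(int(lastchg)) if lastchg.isdigit() else None
        entries.append({"user": user, "algo": classify_hash(pw_field), "last_change": last_change})
    return entries


def rotation_plan(entries, backup_date):
    """Return (must_rotate, rotate_first) for a backup taken on backup_date.

    A hash was on the stolen tape if the password was last changed on or before the
    backup date; anything changed afterwards is already rotated. Locked accounts are
    excluded. An unreadable last-change date is treated as exposed.
    """
    must_rotate, rotate_first = [], []
    for e in entries:
        if e["algo"] == "locked":
            continue
        if e["last_change"] is None or e["last_change"] <= backup_date:
            must_rotate.append(e["user"])
            if e["algo"] in WEAK_ALGORITHMS or e["algo"] == "empty":
                rotate_first.append(e["user"])
    return must_rotate, rotate_first


if __name__ == "__main__":
    users = parse_shadow(SAMPLE_SHADOW)
    rotate, urgent = rotation_plan(users, date(2024, 1, 1))  # constructed backup date
    print("rotate:", rotate)
    print("rotate first (weak or empty hash):", urgent)
```

Run it against a copy of the shadow file pulled from the same backup set that was on the tape, not from the live host: the live file only tells you what has changed since, which is exactly the comparison `rotation_plan` makes.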
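For the rogue-AP scenario, the identification step comes down to comparing what wireless sensors observe against the inventory of managed access points. The script below is an added example, not code from this repository's playbooks; the inventory, sensor names, BSSIDs and scan records are all constructed, and the signal threshold is an assumption you would tune per site.

```python
"""Triage Wi-Fi scan observations against the authorised AP inventory.

Added example, not from the playbooks. All BSSIDs, SSIDs, sensors and readings are constructed.
"""

# Constructed inventory: BSSID -> SSID for the APs the wireless team manages.
AUTHORIZED_APS = {
    "aa:bb:cc:00:00:01": "CORP-WIFI",
    "aa:bb:cc:00:00:02": "CORP-WIFI",
    "aa:bb:cc:00:00:03": "CORP-GUEST",
}
CORPORATE_SSIDS = set(AUTHORIZED_APS.values())

# Constructed observations: (bssid, ssid, channel, rssi_dbm, sensor).
SCAN_OBSERVATIONS = [
    ("aa:bb:cc:00:00:01", "CORP-WIFI", 36, -48, "sensor-floor2"),
    ("de:ad:be:ef:00:01", "CORP-WIFI", 6, -39, "sensor-floor2"),       # corporate SSID, unknown BSSID
    ("de:ad:be:ef:00:01", "CORP-WIFI", 6, -62, "sensor-floor3"),
    ("12:34:56:78:9a:bc", "HOMENET-5G", 149, -85, "sensor-floor2"),    # weak: probably a neighbour
    ("12:34:56:78:9a:bd", "Printer-Direct", 11, -41, "sensor-floor2"), # strong, unknown SSID
]

# Assumed site threshold: stronger than this at an internal sensor means "inside the building".
STRONG_SIGNAL_DBM = -60

SEVERITY_ORDER = {"critical": 0, "high": 1, "low": 2}


def triage(observations, authorized=AUTHORIZED_APS, corporate_ssids=CORPORATE_SSIDS):
    """Group observations by BSSID and assign a severity to every unmanaged AP.

    critical: advertises a corporate SSID from a BSSID not in inventory (evil twin).
    high:     unknown BSSID heard strongly by an internal sensor (likely on premises).
    low:      unknown BSSID heard only weakly (probably a neighbour; keep for trending).
    Findings are sorted by severity, then by strongest signal first.
    """
    by_bssid = {}
    for bssid, ssid, channel, rssi, sensor in observations:
        rec = by_bssid.setdefault(
            bssid, {"ssids": set(), "channels": set(), "best_rssi": -999, "sensors": set()}
        )
        rec["ssids"].add(ssid)
        rec["channels"].add(channel)
        rec["sensors"].add(sensor)
        rec["best_rssi"] = max(rec["best_rssi"], rssi)

    findings = []
    for bssid, rec in by_bssid.items():
        if bssid in authorized:
            continue  # managed AP: not a rogue (SSID drift on it is a separate config check)
        if rec["ssids"] & corporate_ssids:
            severity = "critical"
        elif rec["best_rssi"] >= STRONG_SIGNAL_DBM:
            severity = "high"
        else:
            severity = "low"
        findings.append({
            "bssid": bssid,
            "severity": severity,
            "ssids": sorted(rec["ssids"]),
            "channels": sorted(rec["channels"]),
            "best_rssi": rec["best_rssi"],
            "sensors": sorted(rec["sensors"]),
        })
    findings.sort(key=lambda f: (SEVERITY_ORDER[f["severity"]], -f["best_rssi"]))
    return findings


if __name__ == "__main__":
    for f in triage(SCAN_OBSERVATIONS):
        print(f["severity"].upper(), f["bssid"], f["ssids"], f["best_rssi"], "dBm", f["sensors"])
```

Feeding the "critical" and "high" findings, with their sensor list, to the physical-containment step lets the team walk toward the sensor with the strongest reading instead of sweeping the whole floor.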
2. templates/
- HashedPasswords_Incident_Report.md
- RogueWiFiAP_Incident_Report.md
Tools referenced in the playbooks:
- SIEM: IBM QRadar
- EDR: Symantec Endpoint Protection
- IDS/IPS: Suricata
- Encryption: BitLocker
- Forensics: EnCase, FTK, Autopsy
- Vulnerability Management: Tenable Nessus
- Firewall: Fortinet FortiGate
- Communication: Microsoft Teams, Outlook
These playbooks can be used for:
- Improving security team readiness
- IR tabletop exercises
- SOC analyst onboarding material
- Security engineering process documentation
Samriddhi
Threat Detection Enthusiast
LinkedIn
“Preparedness is not just about having tools — it’s about having a plan to use them when it matters most.”