Research The Domain
DNS Dumpster
Researching the domain with DNS Dumpster returns its public DNS records (A, MX, NS, TXT and so on), much the same information that becomes visible when you register a domain and point it at a web server.
Shodan.io
Used to identify externally exposed ports, web servers, and devices. It gives you the same view an attacker gets when scanning the organization from the outside.
VirusTotal
If an organization is compromised and the actor then uses that compromised infrastructure (IPs, domains, hosted files) to attack other organizations, those other organizations may already have reported the infrastructure to VirusTotal.
Have I Been Pwned
Used to identify whether credentials (accounts on the organization's domain) have appeared in known breaches.
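The four lookups above, chained into one pass, as an added example that is not part of the original notes or of any of these services' own tooling. It assumes API keys are supplied through the environment variables SHODAN_API_KEY and VT_API_KEY (names chosen here), the function name Get-DomainExposure is invented, and the Have I Been Pwned breach listing filtered by domain needs no key but does require a User-Agent header.

```powershell
# Added example (not from the original notes): external view of a domain from
# DNS, Shodan, VirusTotal and Have I Been Pwned in one function.
# Assumptions: $env:SHODAN_API_KEY and $env:VT_API_KEY hold the API keys.
function Get-DomainExposure {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string]$ShodanKey = $env:SHODAN_API_KEY,
        [string]$VtKey     = $env:VT_API_KEY
    )
    $ua = @{ 'User-Agent' = 'ir-recon-notes' }   # HIBP rejects requests with no User-Agent

    # 1. DNS records: the same data DNS Dumpster presents, pulled with Resolve-DnsName.
    $dns = foreach ($type in 'A', 'AAAA', 'MX', 'NS', 'TXT') {
        Resolve-DnsName -Name $Domain -Type $type -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq $type } |
            ForEach-Object {
                $rec = $_   # switch reassigns $_, so capture the record first
                $value = switch ($type) {
                    'A'    { $rec.IPAddress }
                    'AAAA' { $rec.IPAddress }
                    'MX'   { $rec.NameExchange }
                    'NS'   { $rec.NameHost }
                    'TXT'  { $rec.Strings -join ' ' }
                }
                [pscustomobject]@{ Type = $type; Value = $value }
            }
    }

    # 2. Shodan host report for every A record: open ports and any CVEs Shodan tags.
    $shodan = foreach ($ip in ($dns | Where-Object Type -eq 'A' | Select-Object -ExpandProperty Value)) {
        if (-not $ShodanKey) { break }
        try {
            $h = Invoke-RestMethod -Uri "https://api.shodan.io/shodan/host/${ip}?key=${ShodanKey}"
            [pscustomobject]@{ IP = $ip; Org = $h.org; Ports = ($h.ports -join ','); Vulns = ($h.vulns -join ',') }
        } catch {
            [pscustomobject]@{ IP = $ip; Org = $null; Ports = "lookup failed: $($_.Exception.Message)"; Vulns = $null }
        }
    }

    # 3. VirusTotal v3 domain report: how many engines already flag this domain.
    $vt = $null
    if ($VtKey) {
        $r  = Invoke-RestMethod -Uri "https://www.virustotal.com/api/v3/domains/$Domain" -Headers @{ 'x-apikey' = $VtKey }
        $vt = $r.data.attributes.last_analysis_stats
    }

    # 4. HIBP breaches that exposed accounts on this domain (public endpoint, no key).
    $breaches = Invoke-RestMethod -Uri "https://haveibeenpwned.com/api/v3/breaches?Domain=$Domain" -Headers $ua |
        Select-Object Name, BreachDate, PwnCount, DataClasses

    [pscustomobject]@{
        Domain     = $Domain
        Dns        = $dns
        Shodan     = $shodan
        VirusTotal = $vt
        Breaches   = $breaches
    }
}

# Usage:
# $exposure = Get-DomainExposure -Domain 'example.com'
# $exposure.Shodan | Format-Table; $exposure.Breaches | Format-Table
```

All four lookups are passive: no packets reach the organization's own hosts, which matters during an incident when you do not want to alert an actor who may be watching the victim's perimeter. The queries are, however, logged by Shodan, VirusTotal and HIBP and are rate limited, so do not loop this over large IP ranges without checking the plan limits.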
Preparation
GitHub / WinPmem
- Memory acquisition driver and user-space tool for Windows.
- Best practice is to run it directly from removable media and write the image there, so nothing is installed on the host and the capture does not overwrite evidence on the local disk.
Detection and Analysis
Used the code in Run-Initial-Triage.ps1.
Intel
CyberChef - Commonly used tool for decoding and transforming data (Base64, hex, XOR, compression, and similar encodings seen in malware and logs).
URLhaus - abuse.ch project for sharing malicious URLs that are being used for malware distribution.
VirusTotal - Used the Graph feature for better analysis; it lets you view each indicator (file, domain, IP, URL) as a node and see how they relate.
Collect Host Data
Collect in order of volatility: most volatile first (physical memory, network connections and caches, running processes, logged-on users), least volatile last (services and scheduled tasks, event logs, disk contents).
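The preparation and collection steps above carried out as one script, as an added example; this is not the Run-Initial-Triage.ps1 the notes refer to and not WinPmem's own code. It assumes the removable media is mounted at E:\, that the WinPmem binary is at E:\tools\winpmem_mini_x64_rc2.exe (path and file name are assumptions; adjust to your kit), and that it is run from an elevated PowerShell session.

```powershell
# Added example (not Run-Initial-Triage.ps1): collect host data in order of
# volatility, writing everything to removable media so the host is touched as
# little as possible. Assumptions: USB drive at E:\, WinPmem in E:\tools.
param(
    [string]$Dest    = 'E:\triage',
    [string]$WinPmem = 'E:\tools\winpmem_mini_x64_rc2.exe'
)
$ErrorActionPreference = 'Continue'
$case = Join-Path $Dest ("{0}_{1:yyyyMMdd_HHmmss}Z" -f $env:COMPUTERNAME, (Get-Date).ToUniversalTime())
New-Item -ItemType Directory -Path $case -Force | Out-Null
Start-Transcript -Path (Join-Path $case 'collection.log') | Out-Null

# 1. Most volatile first: physical memory. Run before anything else so the
#    later collection steps do not pollute the image.
if (Test-Path $WinPmem) {
    & $WinPmem (Join-Path $case 'physmem.raw')
} else {
    Write-Warning "WinPmem not found at $WinPmem; skipping memory capture"
}

# 2. Network state and caches (change second by second).
Get-NetTCPConnection |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess, CreationTime |
    Export-Csv (Join-Path $case 'tcp_connections.csv') -NoTypeInformation
Get-NetUDPEndpoint | Select-Object LocalAddress, LocalPort, OwningProcess |
    Export-Csv (Join-Path $case 'udp_endpoints.csv') -NoTypeInformation
Get-NetNeighbor    | Export-Csv (Join-Path $case 'arp_cache.csv') -NoTypeInformation
Get-DnsClientCache | Export-Csv (Join-Path $case 'dns_cache.csv') -NoTypeInformation

# 3. Running processes with parent, command line and image hash, so each
#    process can later be matched against network connections and IOCs.
Get-CimInstance Win32_Process |
    Select-Object ProcessId, ParentProcessId, Name, CommandLine, ExecutablePath, CreationDate,
        @{ n = 'SHA256'; e = {
            if ($_.ExecutablePath -and (Test-Path $_.ExecutablePath)) {
                (Get-FileHash $_.ExecutablePath -Algorithm SHA256).Hash
            } } } |
    Export-Csv (Join-Path $case 'processes.csv') -NoTypeInformation

# 4. Logged-on users and persistence points (services, scheduled tasks).
quser 2>$null | Out-File (Join-Path $case 'logged_on_users.txt')
Get-CimInstance Win32_Service |
    Select-Object Name, DisplayName, State, StartMode, StartName, PathName |
    Export-Csv (Join-Path $case 'services.csv') -NoTypeInformation
Get-ScheduledTask |
    Select-Object TaskName, TaskPath, State, @{ n = 'Execute'; e = { $_.Actions.Execute -join ' ' } },
        @{ n = 'Arguments'; e = { $_.Actions.Arguments -join ' ' } } |
    Export-Csv (Join-Path $case 'scheduled_tasks.csv') -NoTypeInformation

# 5. Least volatile: event logs, exported as .evtx so they can be parsed offline.
foreach ($log in 'Security', 'System', 'Application', 'Microsoft-Windows-PowerShell/Operational') {
    $out = Join-Path $case (($log -replace '[\\/]', '_') + '.evtx')
    wevtutil epl $log $out
}

Stop-Transcript | Out-Null

# 6. Hash everything collected so the evidence can be verified later.
Get-ChildItem $case -File | Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv (Join-Path $case 'manifest_sha256.csv') -NoTypeInformation
```

Memory goes first because every later cmdlet allocates memory and opens handles on the target; the transcript is stopped before hashing so collection.log is complete when its hash is taken, and the manifest is written last so it is the one file that is not self-referenced.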
IOC - Indicators of Compromise