Skip to Main Content

Playbook Development

Build a tailored, go-to guide for handling an incident

TrustedSec helps organizations document steps that analysts and investigators will perform during the hands-on Incident Response process.

Organizations often respond to the same types of incidents over and over again. From malware to phishing to ransomware, oftentimes the attack scenarios are the same. Because of this, analysts and responders tend to perform the same tasks when responding to these events. However, most organizations find that these tasks are based on ad hoc knowledge, not performed consistently, and not documented. The solution to best protect against these types of issues is to create Incident Response Playbooks.

The creation and utilization of Incident Response Playbooks allows analysts to respond to an incident consistently, ensures that correct procedures are followed, and provides an organization with a roadmap to determine where processes can be automated and enhanced to improve critical response time.

A proven process to excel at a critical moment

With their years of experience, TrustedSec’s Incident Response team is able to provide a unique insight into attacks and assist in creating Incident Response Playbooks. This process includes:

  • Determining what common incidents an organization is seeing and reviewing industry research;
  • Interviewing appropriate personnel to find the tools used in current procedures or processes; and
  • Documenting the methods critical for success prescribed with the organization’s input.
“TrustedSec allows me to help make an impact on our clients and help those in need.”
Tyler HudakPractice Lead, Incident Response

Get real security guidance from real security experts.

Experts across security domains are ready to tackle your security challenges.

Read our blog

Explore the latest cybersecurity topics on the TrustedSec Security Blog

Blog July 25 2023

Prefetch: The Little Snitch That Tells on You

Incident Response and forensic analysts use the contents of prefetch files in investigations to gather information, such as the source from which an executable…

Read about this article
Blog June 01 2023

Critical Vulnerability in Progress MOVEit Transfer: Technical Analysis and Recommendations

On May 31, 2023, Progress Software released a security bulletin concerning a critical vulnerability within MOVEit Transfer, a widely used secure file transfer…

Read about this article
Blog April 25 2023

Incident Response Rapid Triage: A DFIR Warrior's Guide (Part 3 – Network Analysis and Tooling)

Within the first two installments of this series, we identified the key to successful incident preparation starts with making sure a solid incident triage…

Read about this article
Blog April 20 2023

Incident Response Rapid Triage: A DFIR Warrior's Guide (Part 2 – Incident Assessment and Windows Artifact Processing)

In Part 1 of this series, we identified that there are three (3) key parts to successful incident preparation: ensuring that a solid incident triage process is…

Read about this article
Blog April 18 2023

Incident Response Rapid Triage: A DFIR Warrior's Guide (Part 1 – Process Overview and Preparation)

In this series, I will be discussing how to handle an incident with the speed and precision of a DFIR warrior. With a rapid triage mindset, you'll be able to…

Read about this article
Blog April 11 2023

On the Road to Detection Engineering

Introduction People have asked numerous times on Twitter, LinkedIn, Discord, and Slack, “Leo, how do I get into Detection Engineering?” In this blog, I will…

Read about this article
Blog March 17 2023

Critical Outlook Vulnerability: In-Depth Technical Analysis and Recommendations (CVE-2023-23397)

Threat Overview Earlier this week, Microsoft released a patch for Outlook vulnerability CVE-2023-23397, which has been actively exploited for almost an entire…

Read about this article
Blog March 14 2023

Red vs. Blue: Kerberos Ticket Times, Checksums, and You!

This blog post was co-authored with Charlie Clark of Semperis. 1    Introduction At SANS Pen Test HackFest 2022, Charlie Clark (@exploitph) and I presented our…

Read about this article
Blog March 07 2023

Getting Analysis Practice from Windows Event Log Sample Attacks

Throughout my career as an Incident Responder, one of the most invaluable skillsets I have had to draw on has been analysis of Windows event logs. These event…

Read about this article
Blog February 16 2023

BOFs for Script Kiddies

Introduction I hope I don’t sound like a complete n00b, but what or who or where is a BOF? All the cool kids are talking about it, and I just smile and nod. Is…

Read about this article