Incident Response
IR playbooks, breach response, forensics, regulator notification timelines.
Scenario Brief: Critical OpenSSL Use-After-Free Reachable via TLS 1.3 Session Resumption
Tabletop-ready threat scenario: a hypothetical CVSS 9.8 use-after-free in OpenSSL TLS 1.3 session resumption. Indian BFSI patch-priority and incident-reporting drill.
AcademyModule 6 · Crisis Communications During an Incident
Why this module exists. The technical incident response succeeds or fails on operations; the public perception of the incident succeeds or fails…
AcademyModule 7 · Ransomware Recovery — The 2026 Playbook
Why this module exists. Indian ransomware incidents have grown 40-60% year-over-year since 2023. Most affected organisations recover but at substantially higher cost…
AcademyModule 4 · Backup Strategy — 3-2-1-1-0 and Ransomware-Resilient Architecture
Why this module exists. A backup that fails to restore is worse than no backup — it costs effort to maintain and…
AcademyModule 5 · Recovery Testing — Tabletop, Functional, Full Failover
Why this module exists. Indian enterprises that test their DR architecture annually consistently outperform those that test it on the day of…
AcademyModule 3 · Business Impact Analysis — Deriving RTO and RPO
Why this module exists. BIA produces the answer to the most important BCDR question: “what does it cost the business if this…
AcademyModule 6 · Forensic Timeline Reconstruction with Plaso
Why this module exists. An investigation has a hundred sources: event logs from five hosts, bash history, filesystem mtimes, audit logs, EDR…
AcademyModule 5 · Linux Forensics — Auditd, journalctl, Containers
Why this module exists. Linux IR responders often default to “tar up /var/log and call it done.” Modern Linux estates — especially…
AcademyModule 4 · Windows Event Log Forensics — The IR Reference
Why this module exists. The defender’s biggest leverage in any Windows IR is the event log. The attacker’s biggest leverage in the…
AcademyModule 3 · Memory Forensics with Volatility 3
Why this module exists. Half the modern malware ecosystem never writes a payload to disk — it lives in memory, injected into…