Incident Response · 26 articles

Incident Response

IR playbooks, breach response, forensics, regulator notification timelines.

Incident Response

Scenario Brief: Critical OpenSSL Use-After-Free Reachable via TLS 1.3 Session Resumption

Tabletop-ready threat scenario: a hypothetical CVSS 9.8 use-after-free in OpenSSL TLS 1.3 session resumption. Indian BFSI patch-priority and incident-reporting drill.

May 22, 2026 · 2 min read
Academy

Module 6 · Crisis Communications During an Incident

Why this module exists. The technical incident response succeeds or fails on operations; the public perception of the incident succeeds or fails…

May 14, 2026 · 3 min read
Academy

Module 7 · Ransomware Recovery — The 2026 Playbook

Why this module exists. Indian ransomware incidents have grown 40-60% year-over-year since 2023. Most affected organisations recover but at substantially higher cost…

May 14, 2026 · 4 min read
Academy

Module 4 · Backup Strategy — 3-2-1-1-0 and Ransomware-Resilient Architecture

Why this module exists. A backup that fails to restore is worse than no backup — it costs effort to maintain and…

May 14, 2026 · 4 min read
Academy

Module 5 · Recovery Testing — Tabletop, Functional, Full Failover

Why this module exists. Indian enterprises that test their DR architecture annually consistently outperform those that test it on the day of…

May 14, 2026 · 4 min read
Academy

Module 3 · Business Impact Analysis — Deriving RTO and RPO

Why this module exists. BIA produces the answer to the most important BCDR question: “what does it cost the business if this…

May 14, 2026 · 3 min read
Academy

Module 6 · Forensic Timeline Reconstruction with Plaso

Why this module exists. An investigation has a hundred sources: event logs from five hosts, bash history, filesystem mtimes, audit logs, EDR…

May 13, 2026 · 4 min read
Academy

Module 5 · Linux Forensics — Auditd, journalctl, Containers

Why this module exists. Linux IR responders often default to “tar up /var/log and call it done.” Modern Linux estates — especially…

May 13, 2026 · 4 min read
Academy

Module 4 · Windows Event Log Forensics — The IR Reference

Why this module exists. The defender’s biggest leverage in any Windows IR is the event log. The attacker’s biggest leverage in the…

May 13, 2026 · 3 min read
Academy

Module 3 · Memory Forensics with Volatility 3

Why this module exists. Half the modern malware ecosystem never writes a payload to disk — it lives in memory, injected into…

May 13, 2026 · 4 min read