Investigation Playbooks
8 incident types with 51 investigation procedures across 8 lifecycle stages.
Ransomware
Encryption-based extortion attack targeting files, databases, or entire systems with ransom demands for decryption keys.
Phishing
Social engineering attack delivered via email, SMS, or messaging platforms designed to harvest credentials or deliver malicious payloads.
Data Exfiltration
Unauthorized transfer of sensitive data outside the organization through network channels, cloud services, or removable media.
Insider Threat
Malicious or negligent activity by an authorized user, employee, contractor, or business partner that compromises data or systems.
Web Application Compromise
Exploitation of web application vulnerabilities such as injection flaws, authentication bypasses, or server-side request forgery leading to unauthorized access.
Cloud & Identity Compromise
Unauthorized access to cloud infrastructure or identity provider through stolen tokens, OAuth abuse, or misconfigured access policies.
Business Email Compromise
Targeted attack leveraging compromised or spoofed executive email accounts to authorize fraudulent transactions or redirect sensitive communications.
Credential Theft
Theft of authentication credentials through brute force, credential stuffing, keylogging, LSASS dumping, or password database compromise.