Playbooks
5 named playbooks · first-principles fallback for novel incidents
Endpoint Compromise
process injection · lateral movement · credential dump
12 steps
Identity & Access Abuse
impossible travel · MFA bypass · privilege escalation
9 steps
Cloud Misconfiguration Exploitation
public bucket access · IAM credential exfil · unauthorized API calls
11 steps
Phishing / BEC
suspicious mail rule · external forwarding · OAuth token grant
8 steps
Ransomware
mass file encryption · shadow copy deletion · ransom note creation
14 steps