Sunday, October 10, 2021

[Threat Intelligence] Checklist updated on 20211010

1) Check News related to the company (Use labels)

2) Check Security Advisories sent by US-CERT etc. (Use libraries)

3) Check changes of regulations (such as FFIEC, DFS 500, GLBA, OCC, SWIFT, CHIPS FEDLINE, ISO27001/27002, NIST SP800, FIPS 140-2, PCI-DSS)

4) New vulnerabilities (Use libraries and CVE/Bugtraq)

5) New threats (Use libraries)

6) Data Leakage Investigation (Use a spider and keywords against Dark Web sites and dark markets)

7) Reputation Investigation (Use a spider and keywords to check forums)

8) Phishing website Investigation

9) Crawl Hacker forums for the company's confidential data

10) Google Hacking to check if there is any web-based backdoor sitting in the company's website

11) Third-party passive vulnerability scan results (Use Shodan, ZoomEye)

12) Third-party web security scan (Use www.immuniweb.com/websec, SSL Labs)

13) Blacklist/SPAM List checking (Use IP ranges and domains)

14) Check if the company's IP addresses are in Botnet lists

15) Check if the company's emails have been compromised (Use https://haveibeenpwned.com/ and https://hacked-emails.com/)

16) Check DNS records (Use domains and IP ranges)

17) Honeypot/Sandbox Analysis

18) Suspicious Traffic Analysis

19) APT groups research (Use ATT&CK, FireEye APT Group, CyberMonitor@GitHub): specify those APTs' targets (e.g. industries and geographies), and see if your organization hits their target scopes

20) IOC search, analysis, and application (to SIEM, NIDPS, firewall, anti-virus, anti-SPAM, etc.)

21) Action Plan
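As an added example that is not part of the original checklist, here is a Python sweep for items 13 and 14: every address in the company's IP ranges is reversed and queried under each DNS blocklist zone, and the A-record answer is interpreted so that a zone's error signal or a wildcard answer is not mistaken for a listing. The zone names are illustrative, and the stub answers are constructed so the script runs offline.

```python
import ipaddress
import socket
from typing import Callable, Dict, List, Optional

ZONES = ["zen.spamhaus.org", "bl.spamcop.net"]  # example zones; substitute the lists you subscribe to

def reverse_ip(ip: str) -> str:
    """DNSBLs are queried by reversed octets: 192.0.2.10 -> 10.2.0.192."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))

def classify(answer: Optional[str]) -> str:
    """NXDOMAIN (None) = not listed; 127.0.0.0/8 = listed; 127.255.255.0/24 is
    a query-error signal in some zones (e.g. Spamhaus); anything else is unexpected."""
    if answer is None:
        return "clean"
    a = ipaddress.IPv4Address(answer)
    if a in ipaddress.ip_network("127.255.255.0/24"):
        return "error"
    if a in ipaddress.ip_network("127.0.0.0/8"):
        return "listed"
    return "unexpected"  # e.g. wildcard DNS on a dead zone; do not treat as a listing

def system_resolve(name: str) -> Optional[str]:
    try:
        return socket.gethostbyname(name)  # NXDOMAIN raises gaierror -> None
    except socket.gaierror:
        return None

def check_ranges(cidrs: List[str], zones: List[str] = ZONES,
                 resolve: Callable[[str], Optional[str]] = system_resolve) -> Dict[str, Dict[str, str]]:
    """Return {ip: {zone: status}} for every non-clean result across the ranges."""
    report = {}
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        hosts = list(net.hosts()) or [net.network_address]  # /32: hosts() may be empty
        for host in hosts:
            for zone in zones:
                status = classify(resolve(f"{reverse_ip(str(host))}.{zone}"))
                if status != "clean":
                    report.setdefault(str(host), {})[zone] = status
    return report

# Constructed stub answers so the example runs offline; these are not real listings.
STUB = {"5.2.0.192.zen.spamhaus.org": "127.0.0.4",
        "6.2.0.192.bl.spamcop.net": "127.255.255.254"}

if __name__ == "__main__":
    print(check_ranges(["192.0.2.0/29"], resolve=STUB.get))
```

For a real sweep, drop the `resolve=` argument so the system resolver is used, and run it from a resolver the zone operators permit, since some zones answer public-resolver queries with an error code rather than a listing.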
