Guides News (18 Posts)

1 2 . Last - Previous >>

A Generic Incident Playbook

Following the work started last year, we have now published a generic incident playbook that should be useful in any type of cyber incident and get your started on how to respond efficiently and rapidly
It is part of the wider set of incident playbooks (17 of them) and is available as a standalone 2x pages PDF on our github page:
ELYSIUMSECURITY Github Incident Playbook page


Free Cyber Incident Playbooks on GitHub

We are in the process of migrating our free resources/download to GitHub in an effort to facilitate the contribution from and to the cyber security community.

The first open source project we uploaded to GitHub is our cryptography project (BUGS) and the second one is our ES Cyber Incident playbooks project.

Our Cyber incident playbooks project is based on the work done by the CERT Societe Generale (SG CERT) which is available for free, under the Creative Commons Attribution 3.0 Unported License, on GitHub. Our project uses the same licensing model and you are free to use the content of our document(s) as per the aforementioned license and with referencing the author(s).

This project provides a number of Incident Response Methodologies (IRM), also called incident playbooks, aimed at helping a company with the handling of different t...


In the past 6 months, ELYSIUMSECURITY has looked at 10 of the most popular Cyber Security reports of 2019 and created an overview document summarising their main trends and predictions.
The results will be presented at the next MU.SCL event (free registration HERE) but you can already have a look at the main findings by downloading the presentation in the DOWNLOAD section.



ELYSIUMSECURITY has designed a practical framework to help organisations implement an efficient Phishing Protection program.
Phishing has become the number one attack vector used by criminals to get around most companies defences and use social engineering to extract confidential information and conduct financial frauds.

For an efficient Phishing Protection program, organisations must consider not only implementing awareness and simulation campaigns but also integrate them to their phishing detection and protection strategy.

More information on how to implement this framework is available in our DOWNLOAD section.



Knowing what security features are included or not in the different packages offering from Microsoft can be confusing.
In this article, we will explain the overall principle of what all of those plans means.

For most companies, when it comes to Microsoft products you need protection for your EMAILS/DOCUMENTS/ENDPOINTS and for your ACCESS to Microsoft products (meaning AD, even if you are a Apple house)

The bottom line is that for ensuring you have the best security you want all or some of those security features:

  • Some advanced threat protection for your email/documents/endpoints:
    URL Link protection;
    Attachment protection;
    Identity and impersonation protection;
    Threat Intelligence;
    Alert for suspicious logins or activities;
    Logs and archiving;
    Advanced search and discovery;
    Digital Right Management;
    MDM (phones and laptops);

  • Some advanced threat p
  • ...
    >>[READ MORE]

    Cyber Security Planning - A simple 6 Steps Approach

    Having a plan, or not, to secure your enterprise and respond to an incident could be the difference between closing down your company or seeing that incident through!
    Most large organisations invest considerable amount of time, money and resources to define a Cyber Security Strategy resulting in several Cyber Security Programs and Incident Management/Response Plans. All of which are in support of a wider Business Continuity Plan (BCP).
    This results in procedures, documentation, backup systems, regular incident simulations and dedicated teams.

    As long as these initiatives are kept up to date and still relevant to the organisation mode of operation then it should help a company survive most incidents.

    By contrast, smaller organisations and especially start-ups tend to focus first on getting the "job done" and then think of what to do in case of an emergency or incident.
    Their Cyber Security Programs and Incidence Response Plans are often limited to t...
    >>[READ MORE]

    How to build an efficient Anti-Phishing Framework?

    As our world reliance on electronic connection and communication is accelerating, cyber attacks are on the rise along with counter measure solutions in the form of endless new cyber security companies, consultants, expertise, software and hardware aimed at protecting individuals, assets, corporations and even nation states.

    However, even with all the tools and increasing cyber budget at our disposal, there is always one constant weak link: The Human element in the so called Cyber Kill Chain.
    It is this human element that can defeat the most sophisticated defence systems and it is why the use of Phishing and Spear Phishing attacks are so prominent and successful.

    Those attacks exploit human emotion, ignorance and credibility to bypass defences in tricking users to follow poisonous steps:
    Clicking on links, opening documents, accepting/ignoring security warnings and good practises, installing software, etc....
    >>[READ MORE]

    How to build a Red Team and Why?

    I recently gave a talk at the Rant Forum in London on the topic of "RedTeam, why this is more than a buzz word?". It was an interesting experience and whilst different from traditional security events, as the crowd can and will interrupt you at any time, it was very enjoyable.
    Many attendees asked if I could produce some "slides" after the talk. As no slides were used, below is a collection of notes from wich the talk was based on.

    In this post we will explain what RedTeam is, how does it fit with other similar security services and what advantages does it bring to an organisation. We will also look into what works? what doesn’t? And where is this “new” type of service going?
    A Red Team is part of a trio of services which increases in sophistication: Vulnerability Assessment, Penetration Testing and then Red Teaming. We will d...
    >>[READ MORE]

    One more update to the Security Onion Guide

    We have updated once more our Security Onion Installation Guide with a few tweaks regarding setting up BRO emails and SSH.
    There is also a new PDF version, using an updated template, available from the download section .

    >>[READ MORE]

    Updated Security Onion Guide

    Last week, Security Onion repository moved from Google Code to Github. We have now updated our Security Onion Installation Guide with the new links.
    Basically, replacing the base part of each link from the old reference

    If you are looking for "issues", not only do you need to replace the base reference as mentioned above, but you also need to remove the "detail?id=" at the end of the URL.
    For example: (does not work )
    >>[READ MORE]