Eradication & Remediation
Premium roomA look into the fourth phase of the Incident Response framework: Eradication, Remediation, and Recovery.
easy
60 min
8,766
To access material, start machines and answer questions login.
The previous couple of rooms, which explored the feedback loop between Identification and Scoping and the consequent role of Containment and Threat Intelligence creation in driving the Incident Response process forward, are doing wonders for the incident we’re currently handling. However, our job here isn’t done yet.
As far as scoping goes, it seems that we’ve already identified all of the systems that were compromised. These have been consequently contained as well, and the only remaining thing to do is to remove the bad guys from our environment.
There’s no single correct way to move forward in this particular phase of the process. It depends on a lot of factors, and we will touch upon some of them throughout the course of the room.
Learning Objectives:
In this room, we will be picking up where the previous couple of rooms left off. We will be tackling the next step of the process, giving emphasis to the thought process behind how eradication and remediation works, and touching upon the subject of action plans for recovery.
Room Prerequisites:
In order to get the most out of this room, it is recommended to first go through the first three rooms in this module as listed below:
- Preparation | Live Module
- Identification and Scoping | Live Module
- Threat Intel & Containment | Live Module
Optional Room:
There's also a nice -based challenge room named Tardigrade that has lessons similar to the ones we will be tackling in this room, so make sure to check that one out as well!
Ready to learn Cyber Security?
The Eradication & Remediation room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.
Already have an account? Log in