Anthropic-Cybersecurity-Skills/skills/recovering-from-ransomware-attack/references/api-reference.md
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00


# API Reference: Recovering from Ransomware Attack
## Recovery Priority Order
| Priority | Systems | Why First |
|----------|---------|-----------|
| 1 | Domain Controllers | All auth depends on AD |
| 2 | DNS/DHCP | Network functionality |
| 3 | Authentication (SSO/MFA) | User access |
| 4 | Email | Communication |
| 5 | Database Servers | Business data |
| 6 | Application Servers | Business operations |
| 7 | File Servers | Data access |
| 8 | Workstations | End user devices |
## KRBTGT Reset Procedure
| Step | Command | Note |
|------|---------|------|
| 1 | `Reset-KrbtgtPassword` | First reset |
| 2 | Wait 12 hours | Allow replication |
| 3 | `Reset-KrbtgtPassword` | Second reset |
| 4 | `dcdiag /v` | Validate DC health |
## Backup Verification Commands
| Command | Description |
|---------|-------------|
| `veeamcli verify` | Verify Veeam backup integrity |
| `wbadmin get versions` | List Windows Server backups |
| `aws s3api head-object` | Check S3 backup metadata |
## 3-2-1-1-0 Backup Strategy
| Component | Description |
|-----------|-------------|
| 3 copies | Production + 2 backups |
| 2 media types | Disk + tape/cloud |
| 1 offsite | Geographically separate |
| 1 offline | Air-gapped or immutable |
| 0 errors | Verified with restore tests |
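
The five rules in the table above can be evaluated mechanically against a backup inventory. The following Python check is an added example, not code from this skill's `scripts/agent.py`; the inventory field names, the sample records and the 90-day restore-test window are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed inventory: one record per copy of the data (field names are assumptions).
INVENTORY_JSON = """[
 {"name": "prod-lun", "role": "production", "media": "disk", "site": "dc1",
  "immutable_or_offline": false, "last_restore_test": null, "restore_errors": null},
 {"name": "nas-repo", "role": "backup", "media": "disk", "site": "dc1",
  "immutable_or_offline": false, "last_restore_test": "2026-02-20T02:00:00+00:00",
  "restore_errors": 0},
 {"name": "s3-locked", "role": "backup", "media": "cloud", "site": "eu-west",
  "immutable_or_offline": true, "last_restore_test": "2025-09-01T02:00:00+00:00",
  "restore_errors": 0}
]"""

def check_32110(copies, now, max_test_age=timedelta(days=90)):
    """Return {rule: bool} for each row of the 3-2-1-1-0 table.

    max_test_age is an assumed policy: a restore test older than this is stale.
    """
    prod = [c for c in copies if c["role"] == "production"]
    backups = [c for c in copies if c["role"] == "backup"]
    prod_sites = {c["site"] for c in prod}

    def restore_verified(c):
        # A backup counts as verified only with a recent, error-free restore test.
        if c["last_restore_test"] is None or c["restore_errors"] != 0:
            return False
        return now - datetime.fromisoformat(c["last_restore_test"]) <= max_test_age

    return {
        "3 copies": len(prod) >= 1 and len(backups) >= 2,
        "2 media types": len({c["media"] for c in copies}) >= 2,
        "1 offsite": any(c["site"] not in prod_sites for c in backups),
        "1 offline": any(c["immutable_or_offline"] for c in backups),
        "0 errors": bool(backups) and all(restore_verified(c) for c in backups),
    }

def failed_rules(copies, now):
    """Names of the rules the inventory does not satisfy, in table order."""
    return [rule for rule, ok in check_32110(copies, now).items() if not ok]

if __name__ == "__main__":
    now = datetime(2026, 3, 11, tzinfo=timezone.utc)  # fixed so the run is reproducible
    for rule, ok in check_32110(json.loads(INVENTORY_JSON), now).items():
        print(f"{'PASS' if ok else 'FAIL'}  {rule}")
```

In the constructed inventory the immutable cloud copy passes the offsite and offline rules but fails "0 errors", because its last restore test is older than the assumed window.
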
## Python Libraries
| Library | Version | Purpose |
|---------|---------|---------|
| `json` | stdlib | Recovery tracking |
| `datetime` | stdlib | Timeline documentation |
| `pathlib` | stdlib | Backup path verification |
## References
- CISA Ransomware Guide: https://www.cisa.gov/stopransomware/ransomware-guide
- NIST SP 1800-26: https://www.nccoe.nist.gov/data-integrity-recovering-ransomware
- NoMoreRansom: https://www.nomoreransom.org/