CSIRT Synacktiv
The CSIRT Synacktiv can help you on IT security incidents that impact your information system and more generally your business. We handle any type of incident (on-site systems, cloud service, telephone, appliances, etc.) and carry out a technical analysis. So we can help you to adopt an appropriate response to eradicate the threat and restore the affected service. Sixty experienced experts can investigate in any type of cyber-threat.
Contact us : csirt@synacktiv.com for encrypted mail please use GPG key. or phone call (+33) 9 7118 2769
We process requests on weekdays from Monday to Friday from 9 a.m. to 7 p.m. Romance Standard Time (UTC + 1 + summer time). A secure web interface is available for secure exchanges.
RFC 2350 compliant information form (1.2) (digital signature)
Expertise & Activities :
- technical preparation for security incidents: we help your teams to add useful logs useful for forensic investigation
- digital investigation: we analyze logs the way to reconstruct the course of an attack
- search for malicious activities & implants (software and hardware): thanks to our expertise in offensive security to identify a targeted attack
- compromise audit: in the same way that we carry out vulnerability assessment, we focus here on finding an attacker who would not have been discovered by conventional means
- response to incidents & crises: we support your technical team during a crisis
- post-incident recommendations: we proceed recommendations to make a similar attack impossible and reduce your exposure
- post-incident opinion: any doubts about an analysis ? Let's ask us to compare or check a previous investigation
Need assistance ?
We recommend to contact CSIRT Synacktiv if you experience a security incident so we can help you in the first steps.
Each incident is unique and requires distinct set of approaches, but we can provide some predefined procedure :
- try to keep your system up and isolate from the network, so we can capture the memory and get some valuable information about the attack
- in case of destructive attack like ransomware, we recommend to shutdown Internet & VPN access. Core servers (firstly backup server) and workstations should be isolated from the network and shutdown if the attack seems to be widespread and unleashed
- if your cloud mailbox is compromised, activate the MFA and proceed to some compromise assessment (forward, inbox rules, unauthorized delegation)