Root Access (v1.0.0)
Comprehensive incident response playbook for handling unauthorized root or administrative access to systems. Covers detection of unauthorized privilege escalation, forensic analysis of compromised root accounts, containment of unauthorized administrative sessions, eradication of persistence mechanisms such as rootkits and rogue SSH keys, system recovery through integrity verification and rebuilds, and post-incident hardening. Based on the NIST Computer Security Incident Handling Guide (SP 800-61).
This playbook follows the NIST SP 800-61 incident response lifecycle (preparation; detection and analysis; containment, eradication and recovery; post-incident activity), expanded here into 7 phases and 14 steps.
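As an added example (not part of the playbook itself), the shell helpers below do three of the first-hour checks the summary above calls for: find extra UID-0 accounts in a passwd file, pull sudo-to-root and su-to-root events out of a syslog-style auth log, and list SSH authorized keys that are not on an allow-list of known key material. The sample passwd, auth.log and authorized_keys contents are constructed; the log format assumed is the Debian/Ubuntu style of `/var/log/auth.log`, and the file paths are parameters so the same functions can be run against a forensic image mounted read-only rather than the live, possibly rootkitted, host.

```bash
#!/usr/bin/env bash
# Triage helpers for a suspected root compromise. Added example, not part of
# the playbook. Each function takes file paths, so it can be pointed at the
# live files (/etc/passwd, /var/log/auth.log, ~root/.ssh/authorized_keys) or,
# preferably, at a forensic image mounted read-only: on a rootkitted host the
# shell, awk and grep binaries themselves may lie to you.
set -u

# Accounts with UID 0 other than root. A second UID-0 account
# (useradd -o -u 0 ...) is a common persistence mechanism.
find_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Escalations to root in a syslog-style auth log: sudo runs with USER=root
# and su sessions opened for root. Output is "who<TAB>what", one per line.
find_root_escalations() {
    awk '
        /sudo:/ && /USER=root/ {
            who = $0; sub(/^.*sudo: +/, "", who); sub(/ :.*$/, "", who)
            cmd = $0; sub(/^.*COMMAND=/, "", cmd)
            print who "\t" cmd
        }
        /su\[/ && /session opened for user root/ {
            who = $0; sub(/^.*by /, "", who); sub(/\(.*$/, "", who)
            print who "\tsu to root"
        }
    ' "$1"
}

# Keys in an authorized_keys file that are not in an allow-list of known
# "type base64key" pairs. Compare the key material, never the comment: an
# attacker can label a rogue key "deploy@ci" as easily as anything else.
# (Lines with a leading options field such as from="..." are not handled.)
find_unexpected_keys() {
    awk 'NF >= 3 && $1 !~ /^#/ { print $1, $2, $NF }' "$1" |
        grep -vF -f "$2" || true
}

# --- Constructed sample data (not real system files or logs) ---
SAMPLE_DIR=$(mktemp -d)
SAMPLE_PASSWD="$SAMPLE_DIR/passwd"
SAMPLE_AUTHLOG="$SAMPLE_DIR/auth.log"
SAMPLE_KEYS="$SAMPLE_DIR/authorized_keys"
SAMPLE_ALLOWED="$SAMPLE_DIR/allowed_keys"

cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
sysadm:x:0:0::/var/tmp/.s:/bin/sh
EOF

cat > "$SAMPLE_AUTHLOG" <<'EOF'
Mar  3 02:14:07 web01 sudo:   deploy : TTY=pts/1 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/vi /etc/sudoers
Mar  3 02:15:22 web01 sshd[2210]: Accepted publickey for deploy from 203.0.113.7 port 50112 ssh2
Mar  3 02:16:01 web01 su[2302]: (to root) www-data on pts/2
Mar  3 02:16:01 web01 su[2302]: pam_unix(su:session): session opened for user root by www-data(uid=33)
Mar  3 02:20:45 web01 sudo:    alice : TTY=pts/3 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
EOF

cat > "$SAMPLE_KEYS" <<'EOF'
# managed by config management
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONE0000000000000000000000000000 alice@laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYTWO0000000000000000000000000000 deploy@ci
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABEXAMPLEKEYTHREE000000000000000000000000000000 test@test
EOF

cat > "$SAMPLE_ALLOWED" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONE0000000000000000000000000000
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYTWO0000000000000000000000000000
EOF

echo "== extra UID-0 accounts ==";  find_uid0_accounts "$SAMPLE_PASSWD"
echo "== escalations to root ==";   find_root_escalations "$SAMPLE_AUTHLOG"
echo "== unexpected SSH keys ==";   find_unexpected_keys "$SAMPLE_KEYS" "$SAMPLE_ALLOWED"
```

Against the constructed data this reports the `sysadm` UID-0 backdoor, the `deploy` edit of `/etc/sudoers`, the `www-data` su to root (a web shell stepping up) and the `alice` apt run, and the one `ssh-rsa` key that is not on the allow-list. The www-data entry is the kind of finding that should drive the containment step: a service account has no business becoming root interactively. In a real engagement, replace the sample files with copies taken from the image, and treat the allow-list as something maintained out-of-band (configuration management or a key inventory), not read from the suspect host.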
Response Phases