I was wondering if people had a favourite list of playbooks or list of commands they run in an IR scenario? I am not thinking of a straight lift from an IR book, more like what your personal actions would likely be to identify and respond to a potential incident. I was thinking if we could compile these, then this could become a "quick reference" in case someone needs to lay their hands on it quickly in an out-of-band comms situation.
Nice reference to you and Marcus on Microsoft Defender Security Centre, Kev... I see you continue to keep a low profile 🙂 Don't forget my offer to find your house and be there with a cup of tea when you wake up.