Incident Response Toolkit

Investigate security incidents by verifying DNS integrity, scanning for compromise indicators, and researching threat intelligence.

When a security incident occurs, rapid investigation and containment are critical. Security teams need to quickly determine the scope of compromise, identify the exploited vulnerability, and gather threat intelligence to understand the attacker and prevent recurrence. Every minute of delay increases the potential damage.

This workflow provides a structured incident response approach: verify DNS integrity to detect hijacking, scan for active exploitation and indicators of compromise, identify the likely exploited vulnerability through CVE analysis, and gather threat intelligence from security research communities. It accelerates the investigation phase so teams can move to containment and remediation faster.

Steps

1. Verify DNS Integrity (DNS Domain)

Check DNS records for unauthorized changes, rogue entries, or signs of DNS hijacking that may indicate compromise.

Input: Domain to verify DNS integrity for during incident investigation.
Output: Current DNS records for comparison against known-good baselines.

2. Scan for Active Exploitation (Security Nuclei)

Run detection templates to identify active exploitation, webshells, backdoors, and indicators of compromise.

Input: Affected hosts and IOC-focused template categories.
Output: Detected indicators of compromise, backdoors, and active exploitation evidence.

3. Identify Exploited Vulnerability (Vulnerability Database)

Search for the vulnerability likely exploited in the incident based on observed indicators and affected software.

Input: Software versions and observed indicators from the compromised systems.
Output: Candidate CVEs with exploit details, attack vectors, and known exploit code references.

4. Research Threat Intelligence (Web Search)

Search for threat intelligence reports, IOC feeds, and community analysis related to the observed attack patterns.

Input: IOCs, CVE IDs, and attack patterns observed during the incident.
Output: Threat intelligence reports, attribution analysis, and community-shared IOCs.
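The baseline comparison that step 1 produces records for, as an added Python example that is not part of this workflow or of the DNS Domain tool: records are passed as (name, type, value) tuples (BASELINE and OBSERVED are constructed sample data, and diff_dns/normalize are hypothetical helper names), and the check flags rogue entries and changed values, rating NS, MX and SOA changes high because those are the usual signature of hijacking rather than routine drift.

```python
from collections import defaultdict

# Record types whose silent change usually means hijacking, not routine drift.
HIGH_RISK_TYPES = {"NS", "MX", "SOA"}

# Constructed sample data: a known-good baseline and records observed mid-incident.
BASELINE = [
    ("example.com", "A", "203.0.113.10"),
    ("example.com", "NS", "ns1.example.net."),
    ("example.com", "NS", "ns2.example.net."),
    ("example.com", "MX", "10 mail.example.com."),
    ("example.com", "TXT", "v=spf1 mx -all"),
]
OBSERVED = [
    ("example.com", "A", "203.0.113.10"),
    ("example.com", "NS", "ns1.example.net"),           # same value, no trailing dot
    ("example.com", "NS", "ns9.unexpected.invalid."),   # ns2 silently replaced
    ("example.com", "MX", "10 mail.example.com."),
    ("example.com", "TXT", "v=spf1 mx -all"),
    ("login.example.com", "A", "198.51.100.7"),         # rogue host not in baseline
]


def normalize(records):
    """Group tuples into {(name, type): {values}}, case-insensitive, trailing dots ignored."""
    grouped = defaultdict(set)
    for name, rtype, value in records:
        key = (name.lower().rstrip("."), rtype.upper())
        grouped[key].add(value.lower().rstrip("."))
    return grouped


def diff_dns(baseline, observed):
    """Return findings as (severity, rtype, name, detail), ordered by name then type."""
    base, now = normalize(baseline), normalize(observed)
    findings = []
    for key in sorted(set(base) | set(now)):
        name, rtype = key
        added = now.get(key, set()) - base.get(key, set())
        removed = base.get(key, set()) - now.get(key, set())
        if key not in base:  # a name/type pair the baseline never had: rogue entry
            findings.append(("high", rtype, name, f"rogue record: {sorted(added)}"))
            continue
        severity = "high" if rtype in HIGH_RISK_TYPES else "medium"
        if added:
            findings.append((severity, rtype, name, f"unexpected value(s): {sorted(added)}"))
        if removed:
            findings.append((severity, rtype, name, f"missing value(s): {sorted(removed)}"))
    return findings
```

Calling diff_dns(BASELINE, OBSERVED) on the sample data yields three high findings: the unexpected NS value, the missing ns2 delegation, and the rogue login host; an unchanged zone yields an empty list.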

Benefits

  • Rapid DNS integrity verification detects hijacking and unauthorized changes
  • Automated IOC scanning finds backdoors and webshells quickly
  • CVE identification helps understand the attack vector and scope
  • Threat intelligence research provides attacker context and additional IOCs

Related Use Cases

Check for Known CVE Exposures (Security Nuclei)
Detect whether your targets are affected by specific CVEs with publicly disclosed exploits.

Research Vulnerabilities by Software (Vulnerability Database)
Search for known vulnerabilities affecting specific software products, libraries, or frameworks in your stack.

Check CVE Details (Vulnerability Database)
Look up detailed information about specific CVEs including severity, affected versions, exploit availability, and patches.

Research Market Trends (Web Search)
Identify emerging market trends by combining web search results with the latest news coverage across your industry.

Monitor Brand Mentions (Web Search)
Track where and how your brand is being discussed across the web and in news coverage.

Look Up DNS Records (DNS Domain)
Query DNS records for any domain to inspect A, AAAA, MX, CNAME, TXT, and NS configurations.