Cyber attacks and remediation: Remediation of Active Directory tier 0

ANSSI publishes a set of guides on remediation, laying out the principles for the management and implementation of remediation within an organisation affected by a cybersecurity incident.

Published on 16 April 2025. Updated on 16 April 2025.

The purpose of this publication is to provide a conceptual framework for remediation operations in the event of a major cybersecurity breach. In this document, remediation is defined as a set of operations aimed at taking back control of a compromised information system and restoring it to a sufficient level of operation.

This document is part of the technical component of ANSSI’s corpus of publications on remediation. It presents the foundations for rebuilding the trusted core of Active Directory. It is intended to help teams progress through a remediation plan by providing a brief set of key measures to implement. As such, it is mainly intended for the technical teams in charge of implementing reconstruction operations.