# Incident Response

- [Axios npm Supply Chain Attack](https://www.iblue.team/incident-response-1/axios-npm-supply-chain-attack.md)
- [Following the Trail of Malicious JavaScript](https://www.iblue.team/incident-response-1/following-the-trail-of-malicious-javascript.md)
- [Ivanti Connect Secure Auth Bypass and Remote Code Authentication CVE-2024-21887](https://www.iblue.team/incident-response-1/ivanti-connect-secure-auth-bypass-and-remote-code-authentication-cve-2024-21887.md): This article provides guidance on how to inspect/analyse disk images/memory from a virtual Ivanti Connect Secure appliance, in response to CVE-2023-46085 and CVE-2024-21887.
- [VirusTotal & hash lists](https://www.iblue.team/incident-response-1/virustotal-and-hash-lists.md): We'll take UAC's MD5 hash output and query VirusTotal's API to search for malicious binaries.
- [Unix-like Artifacts Collector (UAC)](https://www.iblue.team/incident-response-1/unix-like-artifacts-collector-uac.md)
- [Setup MinIO (object storage)](https://www.iblue.team/incident-response-1/unix-like-artifacts-collector-uac/setup-minio-object-storage.md): We'll set up a server using MinIO and generate a pre-signed URL using the Python SDK so we can upload a triage collection.
- [Create S3 pre-signed URL](https://www.iblue.team/incident-response-1/unix-like-artifacts-collector-uac/create-s3-pre-signed-url.md): We'll set up a server using MinIO and generate a pre-signed URL using the Python SDK so we can upload a triage collection.
- [UAC and pre-signed URLs](https://www.iblue.team/incident-response-1/unix-like-artifacts-collector-uac/uac-and-pre-signed-urls.md)
- [Acquiring Linux VPS via SSH](https://www.iblue.team/incident-response-1/acquiring-linux-vps-via-ssh.md): Scenario: a compromised VPS instance (through a provider such as BinaryLane, Linode, Vultr, etc.) which is no longer live and requires remote acquisition for examination/analysis.
- [AVML dump to SMB / AWS](https://www.iblue.team/incident-response-1/avml-dump-to-smb-aws.md)
- [China Chopper webshell](https://www.iblue.team/incident-response-1/china-chopper-webshell.md)
- [Logging Powershell activities](https://www.iblue.team/incident-response-1/logging-powershell-activities.md)
- [Compromised UniFi Controller](https://www.iblue.team/incident-response-1/compromised-unifi-controller.md): General pointers on where to look for configuration files and/or logs when investigating a compromised UniFi controller.
- [AnyDesk Remote Access](https://www.iblue.team/incident-response-1/anydesk-remote-access.md): AnyDesk is a popular remote access program which is often used by threat actors (and scammers) either as an entry point into an environment or to transfer tools between environments.
- [Mounting UFS VMDK from NetScaler/Citrix ADC](https://www.iblue.team/incident-response-1/mounting-ufs-vmdk-from-netscaler-citrix-adc.md): We'll cover how to mount a VMDK, which contains multiple partitions, originating from a NetScaler VM. This is to support analysis in relation to CVE-2023-3519.
