CERT Societe Generale provides easy to use operational incident best practices. These cheat sheets are dedicated to incident handling and cover multiple fields in which a CERT team can be involved. One IRM exists for each security incident we're used to dealing with.

These cheat sheets have been written in English and Russian, and translated into Spanish by Francisco Neira from the OAS.

CERT Societe Generale would like to thank SANS and Lenny Zeltser who have been a major source of inspiration for some IRMs.

Feel free to contact us if you identify a bug or an error in these IRMs.


  • IRM-1: Worm Infection
  • IRM-2: Windows Intrusion
  • IRM-3: Unix Intrusion
  • IRM-4: DDoS
  • IRM-5: Malicious Network Behaviour
  • IRM-6: Website Defacement
  • IRM-7: Windows Malware Detection
  • IRM-8: Blackmail
  • IRM-9: Smartphone Malware
  • IRM-10: Social Engineering
  • IRM-11: Information Leakage
  • IRM-12: Insider Abuse
  • IRM-13: Phishing
  • IRM-14: Scam
  • IRM-15: Trademark Infringement
  • IRM-16: Not public
  • IRM-17: Ransomware
  • The IRM are hosted on Github

    Creative Commons License

    This work is licensed under a Creative Commons Attribution 3.0 Unported License.


    The members of CERT Societe Generale can attend conferences. Please note that, depending on the topic, some of the conference materials are not made available online.




    CERT Societe Generale is involved into several workgroups and research projects. The following deliverables were published in partnership with CERT Societe Generale.