Vulnerability Management

Zero-Day Response Playbook: From Discovery to Recovery

A zero-day drops. No patch exists. Your threat intel feed lights up. The clock starts. What you do in the first 60 minutes determines whether this becomes a contained incident or a headline-making breach.

This post walks through a complete zero-day response lifecycle — from the moment you learn about a new vulnerability through containment, threat hunting, and recovery. We follow Meridian Healthcare (fictional) through their response to a critical zero-day in their edge gateway appliance, with detection queries, decision trees, and communication templates you can adapt immediately.