Joint Cybersecurity Advisory: Technical Approaches to Uncovering and Remediating Malicious Activity [open pdf - 1MB]
From the Overview: "This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States. It highlights technical approaches to uncovering malicious activity and includes mitigation steps according to best practices. The purpose of this report is to enhance incident response among partners and network administrators along with serving as a playbook for incident investigation."
U.S. Cybersecurity and Infrastructure Security Agency: https://www.cisa.gov/