Applied incident response / Steven Anson.
By: Anson, Steve.
Material type: BookPublisher: Indianapolis : Wiley, 2020Description: 1 online resource (464 pages).Content type: text Media type: computer Carrier type: online resourceISBN: 1119560284; 9781119560302; 1119560306; 9781119560319; 1119560314; 9781119560289.Subject(s): Computer security | Computer networks -- Security measures | COMPUTERS -- Security -- Networking | Computer networks -- Security measures | Computer securityGenre/Form: Electronic books.Additional physical formats: Print version:: Applied Incident Response.DDC classification: 005.8 Online resources: Wiley Online LibraryPrepare. The Threat Landscape -- Incident Readiness -- Respond. Remote Triage -- Remote Triage Tools -- Acquiring Memory -- Disk Imaging -- Network Security Monitoring -- Event Log Analysis -- Memory Analysis -- Malware Analysis -- Disk Forensics -- Lateral Movement Analysis -- Refine. Continuous Improvement -- Proactive Activities.
Includes index.
Print version record.
Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary.''Applied Incident Response'details effective ways to respond to advanced attacks against local and remote network resources, 'providing proven response techniques and a framework through which to apply them.' As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including: -Preparing your environment for effective incident response -Leveraging MITRE ATT & CK and threat intelligence for active network defense -Local and remote triage of systems using PowerShell, WMIC, and open-source tools -Acquiring RAM and disk images locally and remotely -Analyzing RAM with Volatility and Rekall -Deep-dive forensic analysis of system drives using open-source or commercial tools -Leveraging Security Onion and Elastic Stack for network security monitoring -Techniques for log analysis and aggregating high-value logs -Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox -Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more -Effective threat hunting techniques -Adversary emulation with Atomic Red Team -Improving preventive and detective controls.
There are no comments for this item.