Applied Incident Response


Author: Steve Anson
Print Length: 464 pages
Publisher: Wiley; 1st edition (January 29, 2020)
Language: English
ISBN-10: 1119560268
ISBN-13: 9781119560265

Book Description


Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary. Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them. As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including:
Preparing your environment for effective incident response
Leveraging MITRE ATT&CK and threat intelligence for active network defense
Local and remote triage of systems using PowerShell, WMIC, and open-source tools
Acquiring RAM and disk images locally and remotely
Analyzing RAM with Volatility and Rekall
Deep-dive forensic analysis of system drives using open-source or commercial tools
Leveraging Security Onion and Elastic Stack for network security monitoring
Techniques for log analysis and aggregating high-value logs
Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox
Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more
Effective threat hunting techniques
Adversary emulation with Atomic Red Team
Improving preventive and detective controls
