Anson, S Anson, Steve Anson - Applied Incident Response

Write the first review!

Fr. 60.90

Anson, S Anson, Steve Anson

Applied Incident Response

English · Paperback / Softback

Shipping usually within 1 to 3 weeks (not available at short notice)

Description

Read more

Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary. Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them. As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including:
* Preparing your environment for effective incident response
* Leveraging MITRE ATT&CK and threat intelligence for active network defense
* Local and remote triage of systems using PowerShell, WMIC, and open-source tools
* Acquiring RAM and disk images locally and remotely
* Analyzing RAM with Volatility and Rekall
* Deep-dive forensic analysis of system drives using open-source or commercial tools
* Leveraging Security Onion and Elastic Stack for network security monitoring
* Techniques for log analysis and aggregating high-value logs
* Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox
* Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more
* Effective threat hunting techniques
* Adversary emulation with Atomic Red Team
* Improving preventive and detective controls

List of contents

Part I Prepare 1
 
Chapter 1 The Threat Landscape 3
 
Chapter 2 Incident Readiness 21
 
Part II Respond 45
 
Chapter 3 Remote Triage 47
 
Chapter 4 Remote Triage Tools 67
 
Chapter 5 Acquiring Memory 103
 
Chapter 6 Disk Imaging 133
 
Chapter 7 Network Security Monitoring 161
 
Chapter 8 Event Log Analysis 199
 
Chapter 9 Memory Analysis 235
 
Chapter 10 Malware Analysis 277
 
Chapter 11 Disk Forensics 311
 
Chapter 12 Lateral Movement Analysis 345
 
Part III Refine 379
 
Chapter 13 Continuous Improvement 381
 
Chapter 14 Proactive Activities 399
 
Index 419

About the author










Steve Anson is a SANS Certified Instructor and co-founder of leading IT security company Forward Defense. He has over 20 years of experience investigating cybercrime and network intrusion incidents. As a former US federal agent, Steve specialized in intrusion investigations for the FBI and DoD. He has taught incident response and digital forensics techniques to thousands of students around the world on behalf of the FBI Academy, US Department of State, and the SANS Institute. He has assisted governments in over 50 countries to improve their strategic and tactical response to computer-facilitated crimes and works with a range of multinational organizations to prevent, detect and respond to network security incidents.

Summary

Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary. Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them. As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including:
* Preparing your environment for effective incident response
* Leveraging MITRE ATT&CK and threat intelligence for active network defense
* Local and remote triage of systems using PowerShell, WMIC, and open-source tools
* Acquiring RAM and disk images locally and remotely
* Analyzing RAM with Volatility and Rekall
* Deep-dive forensic analysis of system drives using open-source or commercial tools
* Leveraging Security Onion and Elastic Stack for network security monitoring
* Techniques for log analysis and aggregating high-value logs
* Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox
* Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more
* Effective threat hunting techniques
* Adversary emulation with Atomic Red Team
* Improving preventive and detective controls

Product details

Authors Anson, S Anson, Steve Anson
Publisher Wiley, John and Sons Ltd
 
Languages English
Product format Paperback / Softback
Released 31.12.2019
 
EAN 9781119560265
ISBN 978-1-119-56026-5
No. of pages 464
Subjects Natural sciences, medicine, IT, technology > IT, data processing > Data communication, networks

Computersicherheit, Informatik, computer science, Computer Security & Cryptography, Computersicherheit u. Kryptographie, Networking / Security, Netzwerke / Sicherheit

Customer reviews

No reviews have been written for this item yet. Write the first review and be helpful to other users when they decide on a purchase.

Write a review

Thumbs up or thumbs down? Write your own review.

For messages to CeDe.ch please use the contact form.

The input fields marked * are obligatory

By submitting this form you agree to our data privacy statement.