Table of contents:
<p>Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary. <i>Applied Incident Response</i> details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them. As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including:</p>
<ul>
<li>Preparing your environment for effective incident response</li>
<li>Leveraging MITRE ATT&amp;CK and threat intelligence for active network defense</li>
<li>Local and remote triage of systems using PowerShell, WMIC, and open-source tools</li>
<li>Acquiring RAM and disk images locally and remotely</li>
<li>Analyzing RAM with Volatility and Rekall</li>
<li>Deep-dive forensic analysis of system drives using open-source or commercial tools</li>
<li>Leveraging Security Onion and Elastic Stack for network security monitoring</li>
<li>Techniques for log analysis and aggregating high-value logs</li>
<li>Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox</li>
<li>Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more</li>
<li>Effective threat hunting techniques</li>
<li>Adversary emulation with Atomic Red Team</li>
<li>Improving preventive and detective controls</li>
</ul>