Description |
1 online resource (464 pages) |
Contents |
Prepare. The Threat Landscape -- Incident Readiness -- Respond. Remote Triage -- Remote Triage Tools -- Acquiring Memory -- Disk Imaging -- Network Security Monitoring -- Event Log Analysis -- Memory Analysis -- Malware Analysis -- Disk Forensics -- Lateral Movement Analysis -- Refine. Continuous Improvement -- Proactive Activities. |
Note |
Includes index. |
Summary |
Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary.''Applied Incident Response'details effective ways to respond to advanced attacks against local and remote network resources, 'providing proven response techniques and a framework through which to apply them.' As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including: -Preparing your environment for effective incident response -Leveraging MITRE ATT & CK and threat intelligence for active network defense -Local and remote triage of systems using PowerShell, WMIC, and open-source tools -Acquiring RAM and disk images locally and remotely -Analyzing RAM with Volatility and Rekall -Deep-dive forensic analysis of system drives using open-source or commercial tools -Leveraging Security Onion and Elastic Stack for network security monitoring -Techniques for log analysis and aggregating high-value logs -Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox -Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more -Effective threat hunting techniques -Adversary emulation with Atomic Red Team -Improving preventive and detective controls. |
Subject |
Computer security.
|
|
Computer networks -- Security measures.
|
|
Computer Security |
|
Sécurité informatique. |
|
Réseaux d'ordinateurs -- Sécurité -- Mesures. |
|
Computer networks -- Security measures |
|
Computer security |
Other Form: |
Print version: Anson, Steve. Applied Incident Response. Newark : John Wiley & Sons, Incorporated, ©2020 9781119560265 |
ISBN |
1119560284 |
|
9781119560302 (electronic bk. ; oBook) |
|
1119560306 (electronic bk. ; oBook) |
|
9781119560319 (ePub ebook) |
|
1119560314 |
|
9781119560289 (electronic bk.) |
|
(print) |
Standard No. |
10.1002/9781119560302 doi |
|