籌款 9月15日 2024 – 10月1日 2024 關於籌款

Incident Response and Cyber Investigations

Main
Computers - Security
Incident Response and Cyber...

Incident Response and Cyber Investigations

SANS Institute

0 / 5.0

你有多喜歡這本書？

文件的質量如何？

下載本書進行質量評估

下載文件的質量如何？

Overview

The first section of SEC504 focuses on how to develop and build an incident response process in your organization by applying the Dynamic Approach to Incident Response (DAIR) to effectively verify, scope, contain, assess, and remediate threats. We'll apply this process in-depth with hands-on labs and examples from real-world compromises.

Exercises

Live Windows examination
Network investigation
Memory investigation
Malware investigation
Cloud investigation

Topics

Incident Response

Case study: Argous Corporation compromise
Dynamic Approach to Incident Response
Investigative analysis: Examining incident evidence

Digital Investigations

Techniques for digital investigation
Establishing an incident timeline
Investigation efficiency: Data reduction

Live Examination

Using PowerShell for Windows threat hunting
Identifying suspicious Windows processes
Correlating network and persistence activity
Assessing file-less malware threats
Enumerating Windows auto-start extensibility points
Leveraging Sysinternals for live Windows examinations

Network Investigations

Identifying compromised host beaconing with proxy server logs
Filtering network activity to identify indicators of compromise
Assessing encrypted network traffic with multiple data sources
Building the incident timeline

Memory Investigations

Collecting volatile memory from a compromised host
Conducting offline analysis of attacker persistence
Using Volatility 3 to investigate malware
Build attacker event timelines using non-volatile memory captures

Malware Investigations

Assessing attacker malware in a safe test environment
Using snapshot and continuous recording tools
Inspecting malware actions with RegShot and Procmon
Identifying malicious code on Windows

Cloud Investigations

Steps for conducting a cloud security incident investigation
Essential cloud logging assets for incident response
Data collection and isolation for compromise assessment
Applying cloud recovery and remediation following an incident
Complete cloud compromise incident response

類別:

Computers - Security

年:

2023

語言:

english

頁數:

120

文件:

PDF, 8.94 MB

IPFS:

,

english, 2023

線上閱讀

轉換進行中

轉換為失敗

你可能感興趣

Lenny Zeltser — SANS - FOR610

Offensive Security — Evasion Techniques and Breaching Defenses 1.0

Offensive Security — Advanced Web Attacks and Exploitation 1.5

SANS — SANS 542.1 - Web App Penetration Testing and Ethical Hacking - Introduction and Information Gathering

SANS — SANS 542.2 - Web App Penetration Testing and Ethical Hacking - Configuration Identity and Authentication Testing

SANS — SANS 542.3 - Web App Penetration Testing and Ethical Hacking - Injection

SANS — SANS 542.4 - Web App Penetration Testing and Ethical Hacking - XXE and XSS

SANS — SANS - 542.5 - Web App Penetration Testing and Ethical Hacking - CSRF Logic Flaws and Advanced Tools

SANS Institute — SANS 660.1 - Network Attacks for Penetration Testers

SANS Institute — SANS 660.2 - Crypto and Post-Exploitation

SANS Institute — 660.3 - Python, Scapy, and Fuzzing

SANS Institute — SANS 660.4 - Exploiting Linux for Penetration Testers

SANS Institute — SANS 660.5 - Exploiting Windows for Penetration Testers

SANS — SANS - 578 Workbook

SANS — SANS - 578.4 - Analysis and Dissemination of Intelligence

SANS — SANS - 578.2 - The Fundamental Skillset - Intrusion Analysis

SANS — SANS - 578.5 - Higher Order Analysis and Attribution

SANS — SANS - 578.3 - Collection Sources

offensive security — EXP-301 : Windows User Mode Exploit Development [OSED] 2022

Shared by Tamarisk — PEN200 - OSCP - 2023 version

Jason Lam , Johannes Ullrich — SEC522.5

Jason Lam — SEC522.4 - Web Services and Front-End Security

Gerard Johansen — Digital Forensics and Incident Response

VERSAtile Reads — CISSP Fast Track Master: CISSP Essentials for Exam Success - Exam Cram Notes: 1st Edition - 2024

SANS Institute — SANS 560.1 - Comprehensive Pen Test Planning, Scoping, and Recon

SANS Institute — SANS 560.2 - In-Depth Scanning

SANS Institute — SANS 560.3 - Exploitation

SANS Institute — SANS 560.4 - Post-Exploitation and Merciless Pivoting

SANS Institute — SANS 560.5 - In-Depth Password Attacks and Web App Pen Testing

SANS Institute — SANS 560.6 - Penetration Test and Capture the Flag Workshop

SANS Institute — FOR500.1: Windows Digital Forensics and Advanced Data Triage | FOR500.2: Core Windows Forensics Part 1: Windows Registry Forensics and Analysis

SANS Institute — FOR500.3: Core Windows Forensics Part II: USB Devices and Shell Items | FOR500.4: Core Windows Forensics Part III: Email, Key Additional Artifacts, and Event Logs

SANS Institute — FOR500.6: Workbook

Pedro Bueno — SEC501.5: Malware

Rebekah Brown & Scott J. Roberts — Intelligence-Driven Incident Response, 2nd Edition

Nadhem AlFardan — Cyber Threat Hunting (MEAP V05)

Jit Sinha — Ultimate Splunk for Cybersecurity: Practical Strategies for SIEM Using Splunk’s Enterprise Security (ES) for Threat Detection, Forensic Investigation, and Cloud Security

Richard Medlin, Steve Bartimote — Incident Response

ExamsDigest — CompTIA Security+ SY0-701 Practice Tests & PBQs: Exam SY0-701

Luttgens, Jason & Pepe, Matthew & Mandia, Kevin — Incident Response & Computer Forensics 3rd Edition

Luttgens, Jason & Pepe, Matthew & Mandia, Kevin — Incident Response & Computer Forensics 3rd Edition

Gerard Johansen — Digital Forensics and Incident Response

最常見的術語