
Applied Incident Response by Steve Anson (English) Paperback Book

Description:

Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary. Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them. As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including:

- Preparing your environment for effective incident response
- Leveraging MITRE ATT&CK and threat intelligence for active network defense
- Local and remote triage of systems using PowerShell, WMIC, and open-source tools
- Acquiring RAM and disk images locally and remotely
- Analyzing RAM with Volatility and Rekall
- Deep-dive forensic analysis of system drives using open-source or commercial tools
- Leveraging Security Onion and Elastic Stack for network security monitoring
- Techniques for log analysis and aggregating high-value logs
- Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox
- Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more
- Effective threat hunting techniques
- Adversary emulation with Atomic Red Team
- Improving preventive and detective controls

Format: Paperback
Language: English
Condition: Brand New

Back Cover

DEFEND YOUR NETWORK WITH IMMEDIATELY APPLICABLE INCIDENT RESPONSE SKILLS

Incident response is critical for the active defense of any network, and incident responders need up-to-date, actionable techniques with which to engage the adversary. Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response methods and a framework through which to implement them. Drawing on the author's experience investigating intrusions for the FBI, US Department of Defense (DoD), and many international organizations, this authoritative book covers the core skills needed for incident handling and active network defense, including triaging systems, acquiring memory, imaging disks, collecting network data, log analysis, memory forensics, disk forensics, network security monitoring, adversary emulation, threat hunting, and more. Examples focus on free and open-source tools, but introduce commercial alternatives as well. As a starting point for new incident handlers, or as a technical reference for hardened incident response veterans, this book details the latest techniques for responding to threats against your network, including the topics listed above.

Author Biography

Steve Anson is a SANS Certified Instructor and co-founder of leading IT security company Forward Defense. He has over 20 years of experience investigating cybercrime and network intrusion incidents. As a former US federal agent, Steve specialized in intrusion investigations for the FBI and DoD. He has taught incident response and digital forensics techniques to thousands of students around the world on behalf of the FBI Academy, US Department of State, and the SANS Institute. He has assisted governments in over 50 countries to improve their strategic and tactical response to computer-facilitated crimes and works with a range of multinational organizations to prevent, detect and respond to network security incidents.

Table of Contents

Part I: Prepare (1)

Chapter 1: The Threat Landscape (3)
  Attacker Motivations (3)
  Intellectual Property Theft (4)
  Supply Chain Attack (4)
  Financial Fraud (4)
  Extortion (5)
  Espionage (5)
  Power (5)
  Hacktivism (6)
  Revenge (6)
  Attack Methods (6)
  DoS and DDoS (7)
  Worms (8)
  Ransomware (8)
  Phishing (9)
  Spear Phishing (9)
  Watering Hole Attacks (10)
  Web Attacks (10)
  Wireless Attacks (11)
  Sniffing and MitM (11)
  Crypto Mining (12)
  Password Attacks (12)
  Anatomy of an Attack (13)
  Reconnaissance (13)
  Exploitation (14)
  Expansion/Entrenchment (15)
  Exfiltration/Damage (16)
  Clean Up (16)
  The Modern Adversary (16)
  Credentials, the Keys to the Kingdom (17)
  Conclusion (20)

Chapter 2: Incident Readiness (21)
  Preparing Your Process (21)
  Preparing Your People (27)
  Preparing Your Technology (30)
  Ensuring Adequate Visibility (33)
  Arming Your Responders (37)
  Business Continuity and Disaster Recovery (38)
  Deception Techniques (40)
  Conclusion (43)

Part II: Respond (45)

Chapter 3: Remote Triage (47)
  Finding Evil (48)
  Rogue Connections (49)
  Unusual Processes (52)
  Unusual Ports (55)
  Unusual Services (56)
  Rogue Accounts (56)
  Unusual Files (58)
  Autostart Locations (59)
  Guarding Your Credentials (61)
  Understanding Interactive Logons (61)
  Incident Handling Precautions (63)
  RDP Restricted Admin Mode and Remote Credential Guard (64)
  Conclusion (65)

Chapter 4: Remote Triage Tools (67)
  Windows Management Instrumentation Command-Line Utility (67)
  Understanding WMI and the WMIC Syntax (68)
  Forensically Sound Approaches (71)
  WMIC and WQL Elements (72)
  Example WMIC Commands (79)
  PowerShell (84)
  Basic PowerShell Cmdlets (87)
  PowerShell Remoting (91)
  Accessing WMI/MI/CIM with PowerShell (95)
  Incident Response Frameworks (98)
  Conclusion (100)

Chapter 5: Acquiring Memory (103)
  Order of Volatility (103)
  Local Memory Collection (105)
  Preparing Storage Media (107)
  The Collection Process (109)
  Remote Memory Collection (117)
  WMIC for Remote Collection (119)
  PowerShell Remoting for Remote Collection (122)
  Agents for Remote Collection (125)
  Live Memory Analysis (128)
  Local Live Memory Analysis (129)
  Remote Live Memory Analysis (129)
  Conclusion (131)

Chapter 6: Disk Imaging (133)
  Protecting the Integrity of Evidence (133)
  Dead-Box Imaging (137)
  Using a Hardware Write Blocker (139)
  Using a Bootable Linux Distribution (143)
  Live Imaging (149)
  Live Imaging Locally (149)
  Collecting a Live Image Remotely (154)
  Imaging Virtual Machines (155)
  Conclusion (160)

Chapter 7: Network Security Monitoring (161)
  Security Onion (161)
  Architecture (162)
  Tools (165)
  Snort, Sguil, and Squert (166)
  Zeek (Formerly Bro) (172)
  Elastic Stack (182)
  Text-Based Log Analysis (194)
  Conclusion (197)

Chapter 8: Event Log Analysis (199)
  Understanding Event Logs (199)
  Account-Related Events (207)
  Object Access (218)
  Auditing System Configuration Changes (221)
  Process Auditing (224)
  Auditing PowerShell Use (229)
  Using PowerShell to Query Event Logs (231)
  Conclusion (233)

Chapter 9: Memory Analysis (235)
  The Importance of Baselines (236)
  Sources of Memory Data (242)
  Using Volatility and Rekall (244)
  Examining Processes (249)
  The pslist Plug-in (249)
  The pstree Plug-in (252)
  The dlllist Plug-in (255)
  The psxview Plug-in (256)
  The handles Plug-in (256)
  The malfind Plug-in (257)
  Examining Windows Services (259)
  Examining Network Activity (261)
  Detecting Anomalies (264)
  Practice Makes Perfect (273)
  Conclusion (274)

Chapter 10: Malware Analysis (277)
  Online Analysis Services (277)
  Static Analysis (280)
  Dynamic Analysis (286)
  Manual Dynamic Analysis (287)
  Automated Malware Analysis (299)
  Evading Sandbox Detection (305)
  Reverse Engineering (306)
  Conclusion (309)

Chapter 11: Disk Forensics (311)
  Forensics Tools (312)
  Time Stamp Analysis (314)
  Link Files and Jump Lists (319)
  Prefetch (321)
  System Resource Usage Monitor (322)
  Registry Analysis (324)
  Browser Activity (333)
  USN Journal (337)
  Volume Shadow Copies (338)
  Automated Triage (340)
  Linux/UNIX System Artifacts (342)
  Conclusion (344)

Chapter 12: Lateral Movement Analysis (345)
  Server Message Block (345)
  Pass-the-Hash Attacks (351)
  Kerberos Attacks (353)
  Pass-the-Ticket and Overpass-the-Hash Attacks (354)
  Golden and Silver Tickets (361)
  Kerberoasting (363)
  PsExec (365)
  Scheduled Tasks (368)
  Service Controller (369)
  Remote Desktop Protocol (370)
  Windows Management Instrumentation (372)
  Windows Remote Management (373)
  PowerShell Remoting (374)
  SSH Tunnels and Other Pivots (376)
  Conclusion (378)

Part III: Refine (379)

Chapter 13: Continuous Improvement (381)
  Document, Document, Document (381)
  Validating Mitigation Efforts (383)
  Building On Your Successes, and Learning from Your Mistakes (384)
  Improving Your Defenses (388)
  Privileged Accounts (389)
  Execution Controls (392)
  PowerShell (394)
  Segmentation and Isolation (396)
  Conclusion (397)

Chapter 14: Proactive Activities (399)
  Threat Hunting (399)
  Adversary Emulation (409)
  Atomic Red Team (410)
  Caldera (415)
  Conclusion (416)

Index (419)

Details

Publisher: John Wiley & Sons Inc
Imprint: John Wiley & Sons Inc
Year: 2020
ISBN-10: 1119560268
ISBN-13: 9781119560265
Format: Paperback
Place of Publication: New York
Country of Publication: United States
DEWEY: 005.8068
Pages: 464
Language: English
Author: Steve Anson
Audience: General
Publication Date: 2020-03-09
UK Release Date: 2020-03-09
US Release Date: 2020-03-09
NZ Release Date: 2020-01-29
AU Release Date: 2020-01-09

Price: 31.49 GBP

Location: London

End Time: 2024-11-21T03:31:36.000Z

Shipping Cost: 5.03 GBP


Item Specifics

Return postage will be paid by: Buyer

Returns Accepted: Returns Accepted

After receiving the item, your buyer should cancel the purchase within: 30 days

Return policy details:

ISBN-13: 9781119560265

Book Title: Applied Incident Response

Number of Pages: 464 Pages

Language: English

Publication Name: Applied Incident Response

Publisher: John Wiley & Sons INC International Concepts

Publication Year: 2020

Subject: Computer Science

Item Height: 233 mm

Item Weight: 764 g

Type: Textbook

Author: Steve Anson

Item Width: 189 mm

Format: Paperback
