Applied Incident Response
Provisional Chinese title: 應用事件回應

Steve Anson

  • Publisher: Wiley
  • Publication date: 2020-01-29
  • List price: $1,570
  • Sale price: $1,492 (95% of list)
  • Language: English
  • ISBN: 1119560268
  • ISBN-13: 9781119560265
  • Ships immediately (stock = 1)


Product description

Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary. Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them. As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including:

  • Preparing your environment for effective incident response
  • Leveraging MITRE ATT&CK and threat intelligence for active network defense
  • Local and remote triage of systems using PowerShell, WMIC, and open-source tools
  • Acquiring RAM and disk images locally and remotely
  • Analyzing RAM with Volatility and Rekall
  • Deep-dive forensic analysis of system drives using open-source or commercial tools
  • Leveraging Security Onion and Elastic Stack for network security monitoring
  • Techniques for log analysis and aggregating high-value logs
  • Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox
  • Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more
  • Effective threat hunting techniques
  • Adversary emulation with Atomic Red Team
  • Improving preventive and detective controls

About the author

Steve Anson is a SANS Certified Instructor and co-founder of leading IT security company Forward Defense. He has over 20 years of experience investigating cybercrime and network intrusion incidents. As a former US federal agent, Steve specialized in intrusion investigations for the FBI and DoD. He has taught incident response and digital forensics techniques to thousands of students around the world on behalf of the FBI Academy, US Department of State, and the SANS Institute. He has assisted governments in over 50 countries to improve their strategic and tactical response to computer-facilitated crimes and works with a range of multinational organizations to prevent, detect and respond to network security incidents.
