Applied Incident Response

Steve Anson

  • Publisher: Wiley
  • Publication date: 2020-01-29
  • List price: $1,570
  • Sale price: $1,492 (95% of list)
  • Language: English
  • ISBN: 1119560268
  • ISBN-13: 9781119560265
  • Ships immediately (stock: 1)

Product description

Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary. Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them. As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including:

  • Preparing your environment for effective incident response
  • Leveraging MITRE ATT&CK and threat intelligence for active network defense
  • Local and remote triage of systems using PowerShell, WMIC, and open-source tools
  • Acquiring RAM and disk images locally and remotely
  • Analyzing RAM with Volatility and Rekall
  • Deep-dive forensic analysis of system drives using open-source or commercial tools
  • Leveraging Security Onion and Elastic Stack for network security monitoring
  • Techniques for log analysis and aggregating high-value logs
  • Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox
  • Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more
  • Effective threat hunting techniques
  • Adversary emulation with Atomic Red Team
  • Improving preventive and detective controls

About the author

Steve Anson is a SANS Certified Instructor and co-founder of leading IT security company Forward Defense. He has over 20 years of experience investigating cybercrime and network intrusion incidents. As a former US federal agent, Steve specialized in intrusion investigations for the FBI and DoD. He has taught incident response and digital forensics techniques to thousands of students around the world on behalf of the FBI Academy, US Department of State, and the SANS Institute. He has assisted governments in over 50 countries to improve their strategic and tactical response to computer-facilitated crimes and works with a range of multinational organizations to prevent, detect and respond to network security incidents.