大葉大學圖書館 |

Applied incident response[electronic resource] /

紀錄類型:	書目-電子資源 : Monograph/item
杜威分類號:	005.8
書名/作者:	Applied incident response/ Steven Anson.
作者:	Anson, Steve.
出版者:	Indianapolis, IN : : John Wiley & Sons,, c2020.
面頁冊數:	1 online resource (464 p.)
附註:	Includes index.
標題:	Computer security.
標題:	Computer networks - Security measures.
ISBN:	9781119560302
ISBN:	9781119560289
ISBN:	9781119560319
內容註:	Prepare. The Threat Landscape -- Incident Readiness -- Respond. Remote Triage -- Remote Triage Tools -- Acquiring Memory -- Disk Imaging -- Network Security Monitoring -- Event Log Analysis -- Memory Analysis -- Malware Analysis -- Disk Forensics -- Lateral Movement Analysis -- Refine. Continuous Improvement -- Proactive Activities
摘要、提要註:	Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary. Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them. As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including: Preparing your environment for effective incident response. Leveraging MITRE ATT&CK and threat intelligence for active network defense. Local and remote triage of systems using PowerShell, WMIC, and open-source tools. Acquiring RAM and disk images locally and remotely. Analyzing RAM with Volatility and Rekall. Deep-dive forensic analysis of system drives using open-source or commercial tools. Leveraging Security Onion and Elastic Stack for network security monitoring. Techniques for log analysis and aggregating high-value logs. Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox. Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more. Effective threat hunting techniques. Adversary emulation with Atomic Red Team. Improving preventive and detective controls.
電子資源:	https://onlinelibrary.wiley.com/doi/book/10.1002/9781119560302

Applied incident response[electronic resource] /
Anson, Steve.

Applied incident response[electronic resource] /Steven Anson. - 1st ed. - Indianapolis, IN :John Wiley & Sons,c2020. - 1 online resource (464 p.)

Includes index.

Prepare. The Threat Landscape -- Incident Readiness -- Respond. Remote Triage -- Remote Triage Tools -- Acquiring Memory -- Disk Imaging -- Network Security Monitoring -- Event Log Analysis -- Memory Analysis -- Malware Analysis -- Disk Forensics -- Lateral Movement Analysis -- Refine. Continuous Improvement -- Proactive Activities

Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary. Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them. As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including: Preparing your environment for effective incident response. Leveraging MITRE ATT&CK and threat intelligence for active network defense. Local and remote triage of systems using PowerShell, WMIC, and open-source tools. Acquiring RAM and disk images locally and remotely. Analyzing RAM with Volatility and Rekall. Deep-dive forensic analysis of system drives using open-source or commercial tools. Leveraging Security Onion and Elastic Stack for network security monitoring. Techniques for log analysis and aggregating high-value logs. Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox. Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more. Effective threat hunting techniques. Adversary emulation with Atomic Red Team. Improving preventive and detective controls.

ISBN: 9781119560302Subjects--Topical Terms:

338952
Computer security.

LC Class. No.: QA76.9.A25

Dewey Class. No.: 005.8

Applied incident response[electronic resource] /
LDR:02711cmm a2200289 a 4500 001 524683
003 OCoLC
005 20200216072237.6
006 m o d
007 cr cnu---unuuu
008 230513s2020 inu o 001 0 eng d
020 $a 9781119560302 $q (electronic bk. ; $q oBook)
020 $a 9781119560289 $q (ebk.)
020 $a 9781119560319 $q (ePub)
020 $z 9781119560265 $q (print)
035 $a 1136964952
040 $a EBLCP $b eng $c EBLCP $d DG1 $d RECBK $d YDX $d UKMGB
050 4 $a QA76.9.A25
082 0 4 $a 005.8 $2 23
100 1 $a Anson, Steve. $3 751824
245 1 0 $a Applied incident response $h [electronic resource] / $c Steven Anson.
250 $a 1st ed.
260 $a Indianapolis, IN : $b John Wiley & Sons, $c c2020.
300 $a 1 online resource (464 p.)
500 $a Includes index.
505 0 $a Prepare. The Threat Landscape -- Incident Readiness -- Respond. Remote Triage -- Remote Triage Tools -- Acquiring Memory -- Disk Imaging -- Network Security Monitoring -- Event Log Analysis -- Memory Analysis -- Malware Analysis -- Disk Forensics -- Lateral Movement Analysis -- Refine. Continuous Improvement -- Proactive Activities
520 $a Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary. Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them. As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including: Preparing your environment for effective incident response. Leveraging MITRE ATT&CK and threat intelligence for active network defense. Local and remote triage of systems using PowerShell, WMIC, and open-source tools. Acquiring RAM and disk images locally and remotely. Analyzing RAM with Volatility and Rekall. Deep-dive forensic analysis of system drives using open-source or commercial tools. Leveraging Security Onion and Elastic Stack for network security monitoring. Techniques for log analysis and aggregating high-value logs. Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox. Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more. Effective threat hunting techniques. Adversary emulation with Atomic Red Team. Improving preventive and detective controls.
588 $a Description based on print version record.
650 0 $a Computer security. $3 338952
650 0 $a Computer networks $x Security measures. $3 341462
856 4 0 $u https://onlinelibrary.wiley.com/doi/book/10.1002/9781119560302