Condition: BRAND NEW
ISBN: 9781119560265
Year: 2020
Publisher: John Wiley & Sons Inc (US)
Pages: 464


Description:


Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary.  Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them.  As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including:


Preparing your environment for effective incident response

Leveraging MITRE ATT&CK and threat intelligence for active network defense

Local and remote triage of systems using PowerShell, WMIC, and open-source tools

Acquiring RAM and disk images locally and remotely

Analyzing RAM with Volatility and Rekall

Deep-dive forensic analysis of system drives using open-source or commercial tools

Leveraging Security Onion and Elastic Stack for network security monitoring

Techniques for log analysis and aggregating high-value logs

Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox

Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more

Effective threat hunting techniques

Adversary emulation with Atomic Red Team

Improving preventive and detective controls