TY  - BOOK
AU  - Anson,Steve
TI  - Applied incident response
SN  - 1119560284
AV  - QA76.9.A25 
U1  - 005.8 23
PY  - 2020///
CY  - Indianapolis
PB  - Wiley
KW  - Computer security
KW  - Computer networks
KW  - Security measures
KW  - Computer Security
KW  - Sï¿½ecuritï¿½e informatique
KW  - Rï¿½eseaux d'ordinateurs
KW  - Sï¿½ecuritï¿½e
KW  - Mesures
KW  - COMPUTERS
KW  - Security
KW  - Networking
KW  - bisacsh
KW  - fast
N1  - Includes index; Prepare. The Threat Landscape -- Incident Readiness -- Respond. Remote Triage -- Remote Triage Tools -- Acquiring Memory -- Disk Imaging -- Network Security Monitoring -- Event Log Analysis -- Memory Analysis -- Malware Analysis -- Disk Forensics -- Lateral Movement Analysis -- Refine. Continuous Improvement -- Proactive Activities
N2  - Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary.''Applied Incident Response'details effective ways to respond to advanced attacks against local and remote network resources, 'providing proven response techniques and a framework through which to apply them.' As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including: -Preparing your environment for effective incident response -Leveraging MITRE ATT & CK and threat intelligence for active network defense -Local and remote triage of systems using PowerShell, WMIC, and open-source tools -Acquiring RAM and disk images locally and remotely -Analyzing RAM with Volatility and Rekall -Deep-dive forensic analysis of system drives using open-source or commercial tools -Leveraging Security Onion and Elastic Stack for network security monitoring -Techniques for log analysis and aggregating high-value logs -Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox -Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more -Effective threat hunting techniques -Adversary emulation with Atomic Red Team -Improving preventive and detective controls
UR  - https://onlinelibrary.wiley.com/doi/book/10.1002/9781119560302
ER  -