Incident Response for Windows Adapt Effective Strategies for Managing Sophisticated Cyberattacks Targeting Windows Systems
Get to grips with modern sophisticated attacks, their intrusion life cycles, and the key motivations of adversaries, and build the most effective cybersecurity incident preparedness, response, remediation, and prevention methodologies Key Features Explore contemporary sophisticated cyber threats, fo...
| Otros Autores: | , , |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Birmingham :
Packt Publishing, Limited
2024.
|
| Edición: | 1st edition |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009843323206719 |
Tabla de Contenidos:
- Cover
- Title Page
- Copyright and credits
- Foreword
- Contributors
- Table of Contents
- Preface
- Part 1: Understanding the Threat Landscape and Attack Life Cycle
- Chapter 1: Introduction to the Threat Landscape
- Getting familiar with the cyber threat landscape
- Types of threat actors and their motivations
- APTs
- Cybercriminals
- Hacktivists
- Competitors
- Insider threats
- Terrorist groups
- Script kiddies
- Wrapping up
- Building the cyber threat landscape
- Summary
- Chapter 2: Understanding the Attack Life Cycle
- Phase 1
- gaining an initial foothold
- Gaining access to the network
- Establishing a foothold
- Network discovery
- Phase 2
- Key assets discovery
- Case study
- Network propagation
- Case study
- Phase 3
- Data exfiltration
- Impact
- Case study
- Part 2: Incident Response Procedures and Endpoint Forensic Evidence Collection
- Chapter 3: Phases of an Efficient Incident Response on Windows Infrastructure
- Incident response roles, resources, and problem statements
- Preparation and planning
- developing an effective incident response plan
- Detection and verification
- identifying, assessing, and confirming cybersecurity incidents targeting Windows systems
- Incident detection
- Incident verification
- Incident classification
- Incident analysis and containment
- investigating and stopping the spread of cyberattacks
- Incident analysis
- Incident containment
- Eradication and recovery
- removing the intrusion signs and getting back to normal
- Eradication
- Recovery
- Summary
- Chapter 4: Endpoint Forensic Evidence Collection
- Introduction to endpoint evidence collection
- Collecting data from the endpoints
- Non-volatile data collection
- Memory collection
- Network traffic collection
- Scaling forensic evidence collection
- Summary
- Part 3: Incident Analysis and Threat Hunting on Windows Systems
- Chapter 5: Gaining Access to the Network
- Exploiting public-facing applications
- External remote services
- Spear phishing attacks
- Drive-by compromise
- Other initial access techniques
- Summary
- Chapter 6: Establishing a Foothold
- Methods of post-exploitation
- Maintaining persistent access on Windows systems
- Event logs
- Windows registry
- Filesystem metafiles
- Other sources
- Understanding C2 communication channels
- Summary
- Chapter 7: Network and Key Assets Discovery
- Techniques to discover the Windows environment
- Case 1
- ransomware operators
- Case 2
- classic, financially motivated groups
- Case 3
- corporate espionage
- Detecting discovery
- Using specialized programs
- Using system utilities
- Accessing specific locations and files
- Interim data exfiltration
- Summary
- Chapter 8: Network Propagation
- Lateral movement in the Windows environment
- Detecting lateral movement
- Remote services
- Software deployment tools
