Showing 1 - 10 results of 10 for search 'Suricata suricatta~', query time: 1.39s
  1.
  2.
    by Sanders, Chris, 1986-
    Published 2014
    Table of Contents: “…Machine generated contents note: Introduction to NSM Driving Data Collection The Sensor Platform Full Packet Capture Data Session Data Protocol Metadata Statistical Data Indicators of Compromise Target-Based Detection Signature-Based Detection with Snort Signature-Based Detection with Suricata Anomaly-Based Detection with Bro Early Warning AS&W with Honeypots Packet Analysis Friendly Intelligence Hostile Intelligence Differential Diagnosis of NSM Events Incident Morbidity and Mortality Malware Analysis for NSM…”
    eBook
  3.
    by Mohanta, Abhijit
    Published 2020
    Table of Contents: “…Anti-Virus Engines -- Chapter 23. IDS/IPS and Snort/Suricata Rule Writing -- Chapter 24. Malware Sandbox Internals -- Chapter 25. …”
    eBook
  4.
    Published 2016
    “…Understand intrusion detection: Its meaning, its value, and how to implement it Master the workings of host-based and network-based intrusion detection systems Learn about network captures, cryptographic hashes, alerting, incident response, and more Gain awareness of anomaly based and signature based intrusion detection systems Learn to use open source intrusion detection systems like Snort, Suricata, and Bro Understand how to perform file integrity checks using Tripwire and Samhain Review multiple forms of built-into-the-OS IDS systems Ric Messier directs the Cybersecurity & Digital Forensics program at Champlain College in Burlington, VT. …”
    Video
  5.
    Published 2024
    “…The book begins by setting up an Intrusion Detection System (IDS), integrating the open-source tool Suricata with the Wazuh platform, and then explores topics such as network and host-based intrusion detection, monitoring for known vulnerabilities, exploits, and detecting anomalous behavior. …”
    eBook
  6.
    by Chow, Dennis
    Published 2024
    Table of Contents: “…Automating LLM interactions -- Lab 4.3 - Generating Splunk SPL content from news -- Summary -- Part 2: Automating Validations within CI/CD Pipelines -- Chapter 5: Implementing Logical Unit Tests -- Technical requirements -- Validating syntax and linting -- Lab 5.1 - CrowdStrike syntax validation -- Performing metadata and taxonomy checks -- Lab 5.2 - Google Chronicle payload validation -- Performing data input checks -- Lab 5.3 - Palo Alto signature limitation tests -- Lab 5.4 - Suricata simulation testing -- Lab 5.5 - Git pre-commit hook protections -- Summary -- Further reading -- Chapter 6: Creating Integration Tests -- Technical requirements -- Mapping and Using Synthetic Payloads -- Lab 6.1 - Splunk SPL Detection Testing -- Testing In-Line Payloads -- Lab 6.2 - AWS CloudTrail Detection Tests -- Executing Live-Fire Asynchronous Tests -- Lab 6.3 - CrowdStrike Falcon Payload Testing -- Lab 6.4 - Deploying Caldera BAS -- Summary -- Further reading -- Chapter 7: Leveraging AI for Testing -- Technical requirements -- Synthetic testing with LLMs -- Lab 7.1 - Poe Bot synthetic CI/CD unit testing -- Evaluating data security and ROI -- Lab 7.2 - CodeRabbit augmented peer review -- Implementing multi-LLM model validation -- Summary -- Part 3: Monitoring Program Effectiveness -- Chapter 8: Monitoring Detection Health -- Technical requirements -- Identifying telemetry sources -- Measuring use case performance -- Upstream detection performance -- Downstream detection performance -- Lab 8.1 - Google Chronicle detection insights -- Extending dashboard use cases -- Lab 8.2 - Mock SOAR disable excessive firing rule -- Summary -- Further reading -- Chapter 9: Measuring Program Efficiency -- Technical requirements -- Creating program KPIs -- Locating data for metrics -- Signal to Noise Ratio -- MITRE ATT&CK coverage…”
    eBook
  7.
    Published 2017
    Table of Contents: “…3 Handling Evidence 4 Cryptographic Hashes 5 Chain of Custody 8 Incident Response 8 The Need for Network Forensic Practitioners 10 Summary 11 References 12 2 Networking Basics 13 Protocols 14 Open Systems Interconnection (OSI) Model 16 TCP/IP Protocol Suite 18 Protocol Data Units 19 Request for Comments 20 Internet Registries 23 Internet Protocol and Addressing 25 Internet Protocol Addresses 28 Internet Control Message Protocol (ICMP) 31 Internet Protocol Version 6 (IPv6) 31 Transmission Control Protocol (TCP) 33 Connection-Oriented Transport 36 User Datagram Protocol (UDP) 38 Connectionless Transport 39 Ports 40 Domain Name System 42 Support Protocols (DHCP) 46 Support Protocols (ARP) 48 Summary 49 References 51 3 Host-Side Artifacts 53 Services 54 Connections 60 Tools 62 netstat 63 nbstat 66 ifconfig/ipconfig 68 Sysinternals 69 ntop 73 Task Manager/Resource Monitor 75 ARP 77 /proc Filesystem 78 Summary 79 4 Packet Capture and Analysis 81 Capturing Packets 82 Tcpdump/Tshark 84 Wireshark 89 Taps 91 Port Spanning 93 ARP Spoofing 94 Passive Scanning 96 Packet Analysis with Wireshark 98 Packet Decoding 98 Filtering 101 Statistics 102 Following Streams 105 Gathering Files 106 Network Miner 108 Summary 110 5 Attack Types 113 Denial of Service Attacks 114 SYN Floods 115 Malformed Packets 118 UDP Floods 122 Amplification Attacks 124 Distributed Attacks 126 Backscatter 128 Vulnerability Exploits 130 Insider Threats 132 Evasion 134 Application Attacks 136 Summary 140 6 Location Awareness 143 Time Zones 144 Using whois 147 Traceroute 150 Geolocation 153 Location-Based Services 156 WiFi Positioning 157 Summary 158 7 Preparing for Attacks 159 NetFlow 160 Logging 165 Syslog 166 Windows Event Logs 171 Firewall Logs 173 Router and Switch Logs 177 Log Servers and Monitors 178 Antivirus 180 Incident Response Preparation 181 Google Rapid Response 182 Commercial Offerings 182 Security Information and Event Management 183 Summary 185 8 Intrusion Detection Systems 187 Detection Styles 188 Signature-Based 188 Heuristic 189 Host-Based versus Network-Based 190 Snort 191 Suricata and Sagan 201 Bro 203 Tripwire 205 OSSEC 206 Architecture 206 Alerting 207 Summary 208 9 Using Firewall and Application Logs 211 Syslog 212 Centralized Logging 216 Reading Log Messages 220 LogWatch 222 Event Viewer 224 Querying Event Logs 227 Clearing Event Logs 231 Firewall Logs 233 Proxy Logs 236 Web Application Firewall Logs 238 Common Log Format 240 Summary 243 10 Correlating Attacks 245 Time Synchronization 246 Time Zones 246 Network Time Protocol 247 Packet Capture Times 249 Log Aggregation and Management 251 Windows Event Forwarding 251 Syslog 252 Log Management Offerings 254 Timelines 257 Plaso 258 PacketTotal 259 Wireshark 261 Security Information and Event Management 262 Summary 263 11 Network Scanning 265 Port Scanning 266 Operating System Analysis 271 Scripts 273 Banner Grabbing 275 Ping Sweeps 278 Vulnerability Scanning 280 Port Knocking 285 Tunneling 286 Passive Data Gathering 287 Summary 289 12 Final Considerations 291 Encryption 292 Keys 293 Symmetric 294 Asymmetric 295 Hybrid 296 SSL/TLS 297 Cloud Computing 306 Infrastructure as a Service 306 Storage as a Service 309 Software as a Service 310 Other Factors 311 The Onion Router (TOR) 314 Summary 317 Index 319.…”
    eBook
  8.
    Published 2015
    “…What do meerkats have to do with a company's success? Why was the glue that didn't stick a great technological breakthrough? …”
    eBook
  9.
    Published 2018
    Table of Contents: “…-- 9.3 Scanning endpoints for IOCs -- 9.4 Inspecting network traffic with Suricata -- 9.4.1 Setting up Suricata -- 9.4.2 Monitoring the network…”
    eBook
  10.
    Published 2024
    “…You'll then explore Kali Purple's compatibility with the Malcolm suite of tools, including Arkime, CyberChef, Suricata, and Zeek. As you progress, the book introduces advanced features, such as security incident response with StrangeBee's Cortex and TheHive and threat and intelligence feeds. …”
    eBook