Cargando…

Incident Response with Threat Intelligence : Practical Insights into Developing an Incident Response Capability Through Intelligence-Based Threat Hunting /

Learn everything you need to know to respond to advanced cybersecurity incidents through threat hunting using threat intelligence Key Features Understand best practices for detecting, containing, and recovering from modern cyber threats Get practical experience embracing incident response using inte...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor principal: Martinez, Roberto
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Birmingham : Packt Publishing, 2022.
Temas:
Acceso en línea:Texto completo
Tabla de Contenidos:
  • Cover
  • Title page
  • Copyright and Credits
  • Dedication
  • Contributors
  • Table of Contents
  • Preface
  • Section 1: The Fundamentals of Incident Response
  • Chapter 1: Threat Landscape and Cybersecurity Incidents
  • Knowing the threat landscape
  • Is COVID-19 also a cyber-pandemic?
  • Supply chain attacks
  • Understanding the motivation behind cyber attacks
  • The ransomware that was not
  • Trick-or-treat
  • Nothing is what it seems
  • Emerging and future cyber threats
  • Cyber attacks targeting IOT devices
  • Autonomous vehicles
  • Drones
  • Electronic voting machines
  • Cyber attacks on robots
  • The challenge of new technologies for DFIR professionals
  • Summary
  • Further reading
  • Chapter 2: Concepts of Digital Forensics and Incident Response
  • Concepts of digital forensics and incident response (DFIR)
  • Digital forensics
  • What is incident response?
  • Difference between events and incidents
  • Digital evidence and forensics artifacts
  • Looking for artifacts and IoCs
  • IoCs versus IoAs
  • Incident response standards and frameworks
  • NIST Computer Security Incident Handling Guide
  • SANS incident response process
  • NIST Guide to Integrating Forensic Techniques into Incident Response
  • Defining an incident response posture
  • Summary
  • Further reading
  • Chapter 3: Basics of the Incident Response and Triage Procedures
  • Technical requirements
  • Principles of first response
  • First response guidelines
  • Triage
  • concept and procedures
  • First response procedures in different scenarios
  • First response toolkit
  • Forensic image acquisition tools
  • Artifact collectors
  • Summary
  • Further reading
  • Chapter 4: Applying First Response Procedures
  • Technical requirements
  • Case study
  • a data breach incident
  • Analyzing the cybersecurity incident
  • Selecting the best strategy
  • Next steps
  • Following first-response procedures
  • Memory acquisition
  • Memory capture and artifacts acquisition using KAPE
  • Disk drive acquisition procedures
  • Hard drive acquisition using a hardware duplicator
  • Summary
  • Further reading
  • Section 2: Getting to Know the Adversaries
  • Chapter 5: Identifying and Profiling Threat Actors
  • Technical requirements
  • Exploring the different types of threat actors
  • Hacktivists
  • Script kiddies
  • Insiders
  • Cybercriminals
  • Ransomware gangs
  • Advanced Persistent Threats (APT) groups
  • Cyber-mercenaries
  • Researching adversaries and threat actors
  • STIX and TAXII standards
  • Working with STIX objects
  • Creating threat actor and campaign profiles
  • Creating threat actors' profiles using Visual Studio Code
  • Summary
  • Further reading
  • Chapter 6: Understanding the Cyber Kill Chain and the MITRE ATT & CK Framework
  • Technical requirements
  • Introducing the Cyber Kill Chain framework
  • Understanding the MITRE ATT & CK framework
  • Use cases for ATT & CK
  • Using the ATT & CK Navigator