Incident reaction is essential for the lively protection of any community, and incident responders want up to date, straight away appropriate tactics with which to have interaction the adversary. Applied Incident Response main points efficient how you can reply to complex assaults in opposition to native and faraway community instruments, offering confirmed reaction tactics and a framework during which to use them. As a kick off point for brand spanking new incident handlers, or as a technical reference for hardened IR veterans, this ebook main points the contemporary tactics for responding to threats in opposition to your community, together with:
- Preparing your atmosphere for efficient incident response
- Leveraging MITRE ATT&CK and risk intelligence for lively community defense
- Local and faraway triage of programs the use of PowerShell, WMIC, and open-supply tools
- Acquiring RAM and disk photographs in the neighborhood and remotely
- Analyzing RAM with Volatility and Rekall
- Deep-dive forensic research of device drives the use of open-supply or business tools
- Leveraging Safety Onion and Elastic Stack for community Safety monitoring
- Techniques for log research and aggregating prime-worth logs
- Static and dynamic research of malware with YARA laws, FLARE VM, and Cuckoo Sandbox
- Detecting and responding to lateral motion tactics, together with cross-the-hash, cross-the-price tag, Kerberoasting, malicious use of PowerShell, and lots of more
- Effective risk searching techniques
- Adversary emulation with Atomic Crimson Team
- Improving preventive and detective controls
