Applied incident response / (Record no. 69239)
000 - LEADER | |
---|---|
fixed length control field | 03898cam a2200613Ia 4500 |
001 - CONTROL NUMBER | |
control field | on1136964952 |
005 - DATE AND TIME OF LATEST TRANSACTION | |
control field | 20220711203555.0 |
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION | |
fixed length control field | 200118s2020 inu o 001 0 eng d |
019 ## - | |
-- | 1136968985 |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
ISBN | 1119560284 |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
ISBN | 9781119560302 |
-- | (electronic bk. ; |
-- | oBook) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
ISBN | 1119560306 |
-- | (electronic bk. ; |
-- | oBook) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
ISBN | 9781119560319 |
-- | (ePub ebook) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
ISBN | 1119560314 |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
ISBN | 9781119560289 |
-- | (electronic bk.) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
-- | (print) |
029 1# - (OCLC) | |
OCLC library identifier | AU@ |
System control number | 000066724003 |
029 1# - (OCLC) | |
OCLC library identifier | CHNEW |
System control number | 001077463 |
029 1# - (OCLC) | |
OCLC library identifier | CHVBK |
System control number | 582680123 |
029 1# - (OCLC) | |
OCLC library identifier | UKMGB |
System control number | 019610822 |
037 ## - | |
-- | 9781119560319 |
-- | Wiley |
082 04 - CLASSIFICATION NUMBER | |
Call Number | 005.8 |
100 1# - AUTHOR NAME | |
Author | Anson, Steve. |
245 10 - TITLE STATEMENT | |
Title | Applied incident response / |
260 ## - PUBLICATION, DISTRIBUTION, ETC. (IMPRINT) | |
Place of publication | Indianapolis : |
Publisher | Wiley, |
Year of publication | 2020. |
300 ## - PHYSICAL DESCRIPTION | |
Number of Pages | 1 online resource (464 pages) |
505 0# - FORMATTED CONTENTS NOTE | |
Remark 2 | Prepare. The Threat Landscape -- Incident Readiness -- Respond. Remote Triage -- Remote Triage Tools -- Acquiring Memory -- Disk Imaging -- Network Security Monitoring -- Event Log Analysis -- Memory Analysis -- Malware Analysis -- Disk Forensics -- Lateral Movement Analysis -- Refine. Continuous Improvement -- Proactive Activities. |
500 ## - GENERAL NOTE | |
Remark 1 | Includes index. |
520 ## - SUMMARY, ETC. | |
Summary, etc | Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary. Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them. As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including: - Preparing your environment for effective incident response - Leveraging MITRE ATT&CK and threat intelligence for active network defense - Local and remote triage of systems using PowerShell, WMIC, and open-source tools - Acquiring RAM and disk images locally and remotely - Analyzing RAM with Volatility and Rekall - Deep-dive forensic analysis of system drives using open-source or commercial tools - Leveraging Security Onion and Elastic Stack for network security monitoring - Techniques for log analysis and aggregating high-value logs - Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox - Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more - Effective threat hunting techniques - Adversary emulation with Atomic Red Team - Improving preventive and detective controls. |
650 #0 - SUBJECT ADDED ENTRY--SUBJECT 1 | |
General subdivision | Security measures. |
650 #7 - SUBJECT ADDED ENTRY--SUBJECT 1 | |
General subdivision | Security |
-- | Networking. |
650 #7 - SUBJECT ADDED ENTRY--SUBJECT 1 | |
General subdivision | Security measures. |
856 40 - ELECTRONIC LOCATION AND ACCESS | |
Uniform Resource Identifier | https://doi.org/10.1002/9781119560302 |
942 ## - ADDED ENTRY ELEMENTS (KOHA) | |
Koha item type | eBooks |
336 ## - | |
-- | text |
-- | txt |
-- | rdacontent |
337 ## - | |
-- | computer |
-- | c |
-- | rdamedia |
338 ## - | |
-- | online resource |
-- | cr |
-- | rdacarrier |
588 0# - | |
-- | Print version record. |
650 #0 - SUBJECT ADDED ENTRY--SUBJECT 1 | |
-- | Computer security. |
650 #0 - SUBJECT ADDED ENTRY--SUBJECT 1 | |
-- | Computer networks |
650 #7 - SUBJECT ADDED ENTRY--SUBJECT 1 | |
-- | COMPUTERS |
650 #7 - SUBJECT ADDED ENTRY--SUBJECT 1 | |
-- | Computer networks |
-- | (OCoLC)fst00872341 |
650 #7 - SUBJECT ADDED ENTRY--SUBJECT 1 | |
-- | Computer security. |
-- | (OCoLC)fst00872484 |
994 ## - | |
-- | C0 |
-- | DG1 |
No items available.