450.2 – Understanding Your Network
Table of contents:
Network Architecture
Traffic Capture and Analysis
Understanding DNS
DNS Analysis and Attacks
EXERCISE 2.1: Exploring DNS
Understanding HTTP(S)
HTTP Analysis and Attacks
EXERCISE 2.2: HTTP and HTTPS Analysis
Understanding SMTP and Email
Additional Network Protocols
Day 2 Summary
EXERCISE 2.3: SMTP and Email Analysis
450.3 – Understanding Endpoints, Logs, and Files
Table of contents:
Endpoint Attack Tactics
Endpoint Defense In Depth
How Windows Logging Works
How Linux Logging Works
Interpreting Important Events
EXERCISE 3.1: Interpreting Windows Logs
Log Collection, Parsing, and Normalization
EXERCISE 3.2: Log Enrichment and Visualization
File Contents and Identification
Identifying and Handling Suspicious Files
Day 3 Summary
EXERCISE 3.3: Malicious File Identification
450.4 – Triage and Analysis
Table of contents:
Alert Triage and Prioritization
Perception, Memory, and Investigation
Models and Concepts for Infosec
EXERCISE 4.1: Alert Triage and Prioritization
Structured Analytical Techniques
Analysis Questions and Tactics
Analysis OPSEC
EXERCISE 4.2: Structured Analysis Challenge
Intrusion Discovery
Incident Closing and Quality Review
Day 4 Summary
EXERCISE 4.3: Collecting and Documenting Incident Information
450.5 – Continuous Improvement, Analytics, and Automation
Table of contents:
Improving Life in the SOC
Analytic Features and Enrichment
New Analytic Design, Testing, and Sharing
Tuning and False Positive Reduction
EXERCISE 5.1: Alert Tuning
Automation and Orchestration
Improving Operational Efficiency and Workflow
EXERCISE 5.2: Security Automation
Containing Identified Intrusions
EXERCISE 5.3: Incident Containment
Skill and Career Development
CTF Preparation
503.1 – Defensible Security Architecture and Engineering
Table of contents of book 503.1 – Defensible Security Architecture and Engineering:
Defensible Security Architecture
Traditional Security Architecture Deficiencies
Winning Defensible Security Techniques
Security Models
Threat, Vulnerability, and Data Flow Analysis
EXERCISE: Egress Analysis
Physical Security
Wireless
Layer 2 Attacks and Mitigations
EXERCISE: Identifying Layer 2 Attacks
Private VLANs
Switch and Router Best Practices
Network Flow
EXERCISE: Architecting for Flow Data
Day 1 Summary
504.1 – Incident Handling Step-by-Step and Computer Crime Investigation
Table of contents of book 504.1 – Incident Handling Step-by-Step and Computer Crime Investigation:
Roadmap and Overview
Incident Handling Process
Preparation
Identification
Cheat Sheets
LAB 1.1: Windows Cheat Sheet
Containment
Eradication
Recovery
Lessons Learned
Enterprise-Wide IR
LAB 1.2: Enterprise-Wide Identification and Analysis
Espionage
Unauthorized Use
Insider Threats
Legal Issues and Cybercrime Laws
LAB 1.3: IR Tabletop
Appendix A: Intro to VMware and Linux Workshop