450.3 – Understanding Endpoints, Logs, and Files
Table of contents:
Endpoint Attack Tactics
Endpoint Defense In Depth
How Windows Logging Works
How Linux Logging Works
Interpreting Important Events
EXERCISE 3.1: Interpreting Windows Logs
Log Collection, Parsing, and Normalization
EXERCISE 3.2: Log Enrichment and Visualization
File Contents and Identification
Identifying and Handling Suspicious Files
Day 3 Summary
EXERCISE 3.3: Malicious File Identification
450.4 – Triage and Analysis
Table of contents:
Alert Triage and Prioritization
Perception, Memory, and Investigation
Models and Concepts for Infosec
EXERCISE 4.1: Alert Triage and Prioritization
Structured Analytical Techniques
Analysis Questions and Tactics
Analysis OPSEC
EXERCISE 4.2: Structured Analysis Challenge
Intrusion Discovery
Incident Closing and Quality Review
Day 4 Summary
EXERCISE 4.3: Collecting and Documenting Incident Information
450.5 – Continuous Improvement, Analytics, and Automation
Table of contents:
Improving Life in the SOC
Analytic Features and Enrichment
New Analytic Design, Testing, and Sharing
Tuning and False Positive Reduction
EXERCISE 5.1: Alert Tuning
Automation and Orchestration
Improving Operational Efficiency and Workflow
EXERCISE 5.2: Security Automation
Containing Identified Intrusions
EXERCISE 5.3: Incident Containment
Skill and Career Development
CTF Preparation
503.1 – Defensible Security Architecture and Engineering
Table of contents of book 503.1 – Defensible Security Architecture and Engineering:
Defensible Security Architecture
Traditional Security Architecture Deficiencies
Winning Defensible Security Techniques
Security Models
Threat, Vulnerability, and Data Flow Analysis
EXERCISE: Egress Analysis
Physical Security
Wireless
Layer 2 Attacks and Mitigations
EXERCISE: Identifying Layer 2 Attacks
Private VLANs
Switch and Router Best Practices
Network Flow
EXERCISE: Architecting for Flow Data
1 Summary
504.1 – Incident Handling Step-by-Step and Computer Crime Investigation
Table of contents of book 504.1 – Incident Handling Step-by-Step and Computer Crime Investigation:
Roadmap and Overview
Incident Handling Process
Preparation
Identification
Cheat Sheets
LAB 1.1: Windows Cheat Sheet
Containment
Eradication
Recovery
Lessons Learned
Enterprise-Wide IR
LAB 1.2: Enterprise-Wide Identification and Analysis
Espionage
Unauthorized Use
Insider Threats
Legal Issues and Cybercrime Laws
LAB 1.3: IR Tabletop
Appendix A: Intro to VMware and Linux Workshop
504.2 – Computer and Network Hacker Exploits Part 1
Table of contents of book 504.2 – Computer and Network Hacker Exploits Part 1:
Purpose of This Course
General Trends
Step 1: Reconnaissance
Open-Source Intelligence (OSINT)
LAB 2.1: OSINT with SpiderFoot
DNS Interrogation
Website Searches
Search Engines as Recon Tools
Maltego Recon Suite
Web-Based Recon and Attack Sites
Step 2: Scanning
War Dialing
Step 2: Scanning (Continued)
War Driving
LAB 2.2: Wireless LAN Discovery
Network Mapping with Nmap
Port Scanning with Nmap
LAB 2.3: Nmap
Evading IDS/IPS
Vulnerability Scanning with Nessus
LAB 2.4: Nessus Scan Analysis
SMB Sessions
LAB 2.5: SMB Sessions