SANS SEC555.1 SIEM Architecture
Table of contents of the SANS SEC555.1 SIEM Architecture book:
State of the SIEM
SIEM Planning
EXERCISE: DeTTect, Visualize Visibility and Detection Capabilities
Log Collection
EXERCISE: Introduction to SIEM Architecture
Log Aggregation and Parsing
EXERCISE: Log Ingestion from Files and Network Connections
EXERCISE: Log Enrichment and Parsing
Log Broker
Log Storage
Alerting and Analysis
EXERCISE: Tactical Alerting
SANS SEC555.2 Service Profiling with SIEM
Table of contents of the SANS SEC555.2 Service Profiling with SIEM book:
Major Networking Services
Service Log Collection
Log Enrichment
EXERCISE: Enrichment, Adding Context
SMTP
DNS
EXERCISE: Catching the Adversary with DNS
HTTP
EXERCISE: Investigating HTTP
TLS
EXERCISE: HTTPS Analysis
SANS SEC555.3 Advanced Endpoint Analytics
Table of contents of the SANS SEC555.3 Advanced Endpoint Analytics book:
Windows Logging
Linux Logging
Endpoint Collection Strategies
EXERCISE: Windows Log Filtering
Events of Interest
EXERCISE: Catching Evil with Windows Logs
Host-based Firewalls
Login Events
EXERCISE: Login Monitoring
OS Protection
Container Logging
EXERCISE: Docker Monitoring
SANS SEC555.4 Baselining and User Behavior Monitoring
Table of contents of the SANS SEC555.4 Baselining and User Behavior Monitoring book:
Getting to Know Yourself
Active Device Discovery
Passive Device Discovery
EXERCISE: Master Inventory
Software Monitoring
Scripting
EXERCISE: PowerShell Compromise
Traffic Monitoring
EXERCISE: NetFlow Detection
User Monitoring
Tactical Baselining
EXERCISE: Cloud Monitoring
SANS SEC555.5 Tactical SIEM Detection and Post-Mortem Analysis
Table of contents of the SANS SEC555.5 Tactical SIEM Detection and Post-Mortem Analysis book:
Centralized Alerting
SIEM Alerting
EXERCISE: Sigma, MITRE and Universal Alerts
Intrusion Detection Systems
Analyzing Alerts
EXERCISE: Alert Context
External Analysis Tools
Case Management
Reverse Analysis
Tripwire Detection
EXERCISE: Virtual Tripwires
Post-Mortem Analysis
EXERCISE: Beacon Detection
SANS SEC556.1 Introduction to IoT Network Traffic and Web Services
Table of contents of the SANS SEC556.1 Introduction to IoT Network Traffic and Web Services book:
Internet of Things – History and Overview
IoT Testing Methodology
IoT Network Analysis and Exploitation
Exercise: Analyze an IoT Device Packet Capture
Exercise: Scan and Exploit an IoT Router Device
The Web of Things
IoT Web Services Recon
Exercise: Access a Publicly Exposed IoT Webcam
Hacking IoT Devices on the Web
Attacking IoT Web Service APIs
Exercise: Steal a Car through IoT Web Service APIs
SANS SEC556.2 Exploiting IoT Hardware Interfaces and Analyzing Firmware
Table of contents of the SANS SEC556.2 Exploiting IoT Hardware Interfaces and Analyzing Firmware book:
Background and Importance
Opening the Device
Examining and Identifying Components
Exercise: Obtaining and Analyzing Specification Sheets
Discovering and Identifying Ports
A Soldering Primer
Sniffing, Interaction, and Exploitation of Hardware Ports
Exercise: Sniffing Serial and SPI
Other Ways of Recovering Firmware
Exercise: Recovering Firmware from PCAP
Firmware Analysis
Exercise: Recovering Filesystems with Binwalk
Pillaging the Firmware
Exercise: Pillaging the Filesystem
SANS SEC556.3 Exploiting Wireless IoT Wi-Fi, BLE, Zigbee, LoRa, and SDR
Table of contents of the SANS SEC556.3 Exploiting Wireless IoT: Wi-Fi, BLE, Zigbee, LoRa, and SDR book:
Wi-Fi
Exercise: Wi-Fi PSK Cracking
Bluetooth Low Energy
Exercise: BLE Device Interaction
Zigbee
Exercise: Zigbee Traffic Capture
LoRa
SDR
Exercise: Conducting a Replay Attack on IoT
SANS SEC642.1 Advanced Attacks
Table of contents of the SANS SEC642.1 Advanced Attacks book:
Methodology and Context
EXERCISE: Getting Warmed Up
RFI
LFI
PHP File Upload Attack
EXERCISE: LFI to Code Execution
SQL Injection
Data Exfiltration
EXERCISE: SQL Injection
NoSQL Injection
MongoDB
EXERCISE: MongoDB NoSQL Injection
DOM-Based XSS
Exploiting XSRF
Exercise: Combined XSS and XSRF
SANS SEC642.4 Alternative Web Interfaces
Table of contents of the SANS SEC642.4 Alternative Web Interfaces book:
Hash Length Extension Attacks
Exercise: hash_extender
Alternative Web Interfaces
Mobile Applications
Exercise: Mobile Application Wireshark Extraction
Compiled Objects
Flash, Java, Silverlight, and ActiveX
Exercise: Decompiling Flash Objects
Web Services
REST and SOAP
Exercise: SOAP
XML XPath
Exercise: XPath Injection
XML External Entities
Exercise: Acme XXE
WebSockets
Exercise: SocketToMe
HTTP/2
Exercise: H2O
SANS SEC642.5 Web Application Firewall and Filter Bypass
Table of contents of the SANS SEC642.5 Web Application Firewall and Filter Bypass book:
Web Application Security Defenses
Exercise: WAF Versus Web Framework
Developer Created Defenses
Web Framework Defenses
Inline Security Defenses
Exercise: Understanding ModSecurity Rules
Bypassing Defenses
Fingerprinting Defenses
Exercise: Fingerprinting Defenses
Bypassing XSS Defenses
Exercise: Bypassing XSS Defenses
Bypassing SQL Injection Defenses
Exercise: Bypassing SQL Injection Defenses
Bypassing Application Restrictions
Exercise: RCE Bypass with PHP mail()