Applied Incident Response

3,143.00


ISBN: 9781119560265

Incident response is critical for the active defense of any network, and incident responders need up-to-date, immediately applicable techniques with which to engage the adversary. Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them. As a starting point for new incident handlers, or as a technical reference for hardened IR veterans, this book details the latest techniques for responding to threats against your network, including:

- Preparing your environment for effective incident response
- Leveraging MITRE ATT&CK and threat intelligence for active network defense
- Local and remote triage of systems using PowerShell, WMIC, and open-source tools
- Acquiring RAM and disk images locally and remotely
- Analyzing RAM with Volatility and Rekall
- Deep-dive forensic analysis of system drives using open-source or commercial tools
- Leveraging Security Onion and Elastic Stack for network security monitoring
- Techniques for log analysis and aggregating high-value logs
- Static and dynamic analysis of malware with YARA rules, FLARE VM, and Cuckoo Sandbox
- Detecting and responding to lateral movement techniques, including pass-the-hash, pass-the-ticket, Kerberoasting, malicious use of PowerShell, and many more
- Effective threat hunting techniques
- Adversary emulation with Atomic Red Team
- Improving preventive and detective controls