Security Event Triage: Analyzing Live System Process and Files

سرفصل های دوره

Traditional forensic analysis on endpoints is outpaced by modern attack techniques. This course will teach you how to efficiently identify and investigate malicious activity by performing live system analysis on processes and files.

1 - Course Overview

1. Course Overview

2 - Defining Live System Analysis

1. Introduction

2. Addressing the Gaps of Traditional Security Capabilities

3. Defining Live System Analysis

4. Performing Live System Analysis

5. Progressing on the Security Event Triage Path

3 - Analyzing Host-based Indicators

01. Introduction

02. File Analysis Basics

03. Demo - Analyzing Files with Linux Command Line Tools

04. Analyzing Encoded Payloads

05. Investigating Malicious Use of Alternate Data Streams

06. Detecting Persistence via the Windows Registry

07. Detecting Persistence on Linux

08. Performing Live System Analysis on Linux

09. Signature-based Detection with Osquery

10. Leverage File Integrity Monitoring to Detect File Exfiltration

11. Module Overview

4 - Analyzing Live Processes and Services

1. Intro

2. Windows Processes and Services

3. Identify Process Anomalies on Linux

4. Analyzing Process Injection Techniques

5. Demo - Detecting Process Injection with Sysmon

6. Analyzing Process Hollowing

7. Demo - Detecting Process Tampering with Sysmon

5 - Leveraging Memory Analysis

1. Intro

2. Correlating Network Activity with Running Processes

3. Demo - Correlating Network Events to Discover Lateral Mvement

4. Set Analyzing Live System Process Files

5. Demo - Detecting Malicious Processes with Volatility

6 - Correlating Security Events

1. Summarizing Globomantics Security Incidents

2. Correlating Events at Scale

3. Additional Resources

Exercise Files

set-analyzing-live-system-process-files.zip

139,000 تومان

خرید اشتراک افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: PluralSight