Osoby które kupowały "Intelligence-Driven Incident Response. 2nd Edition", wybierały także:

• Windows Media Center. Domowe centrum rozrywki 66,67 zÅ‚, (8,00 zÅ‚ -88%)
• Ruby on Rails. Ćwiczenia 18,75 zÅ‚, (3,00 zÅ‚ -84%)
• Przywództwo w Å›wiecie VUCA. Jak być skutecznym liderem w niepewnym Å›rodowisku 58,64 zÅ‚, (12,90 zÅ‚ -78%)
• Scrum. O zwinnym zarzÄ…dzaniu projektami. Wydanie II rozszerzone 58,64 zÅ‚, (12,90 zÅ‚ -78%)
• Od hierarchii do turkusu, czyli jak zarzÄ…dzać w XXI wieku 58,64 zÅ‚, (12,90 zÅ‚ -78%)

Spis treści

Intelligence-Driven Incident Response. 2nd Edition eBook -- spis treści

• Foreword to the Second Edition
• Foreword to the First Edition
• Preface
  • Why We Wrote This Book
  • Who This Book Is For
  • How This Book Is Organized
  • Conventions Used in This Book
  • OReilly Online Learning
  • How to Contact Us
  • Acknowledgments
• I. The Fundamentals
• 1. Introduction
  • Intelligence as Part of Incident Response
    • History of Cyber Threat Intelligence
      • The first intrusion
      • Destructive attacks
      • Moonlight Maze
    • Modern Cyber Threat Intelligence
    • The Way Forward
  • Incident Response as a Part of Intelligence
  • What Is Intelligence-Driven Incident Response?
  • Why Intelligence-Driven Incident Response?
    • Operation SMN
    • SolarWinds
  • Conclusion
• 2. Basics of Intelligence
  • Intelligence and Research
  • Data Versus Intelligence
  • Sources and Methods
  • Models
    • Using Models for Collaboration
    • Process Models
      • OODA
        • Observe
        • Orient
        • Decide
        • Act
      • Intelligence cycle
        • Direction
        • Collection
        • Processing
        • Analysis
        • Dissemination
        • Feedback
    • Using the Intelligence Cycle
  • Qualities of Good Intelligence
    • Collection Method
    • Date of Collection
    • Context
    • Addressing Biases in Analysis
  • Levels of Intelligence
    • Tactical Intelligence
    • Operational Intelligence
    • Strategic Intelligence
  • Confidence Levels
  • Conclusion
• 3. Basics of Incident Response
  • Incident-Response Cycle
    • Preparation
    • Identification
    • Containment
    • Eradication
    • Recovery
    • Lessons Learned
  • The Kill Chain
    • Targeting
    • Reconnaissance
      • Hard data versus soft data
      • Active versus passive collection methods
    • Weaponization
      • Vulnerability hunting
      • Exploitability
      • Implant development
      • Testing
      • Infrastructure development
        • Certificates
        • Servers
        • Domains
        • Email addresses
    • Delivery
    • Exploitation
    • Installation
      • System persistence
      • Network persistence
    • Command and Control
    • Actions on Objective
    • Example Kill Chain
  • The Diamond Model
    • Basic Model
    • Extending the Model
  • ATT&CK and D3FEND
    • ATT&CK
    • D3FEND
  • Active Defense
    • Deny
    • Disrupt
    • Degrade
    • Deceive
    • Destroy
  • F3EAD
    • Find
    • Fix
    • Finish
    • Exploit
    • Analyze
    • Disseminate
    • Using F3EAD
  • Picking the Right Model
  • Scenario: Road Runner
  • Conclusion
• II. Practical Application
• 4. Find
  • Actor-Centric Targeting
    • Starting with Known Information
    • Useful Information During the Find Phase
      • Indicators of compromise
      • Behavior
    • Using the Kill Chain
      • Road Runner: Building an initial kill chain
      • Road Runner: Developing the kill chain
    • Goals
  • Victim-Centric Targeting
    • Using Victim-Centric Targeting
      • Victim-infrastructure connection
      • Victim-capability connection
      • Victim-adversary connection
  • Asset-Centric Targeting
    • Using Asset-Centric Targeting
  • Capability-Centric Targeting
    • Using Capability-Centric Targeting
  • Media-Centric Targeting
  • Targeting Based on Third-Party Notification
  • Prioritizing Targeting
    • Immediate Needs
    • Past Incidents
    • Criticality
  • Organizing Targeting Activities
    • Hard Leads
    • Soft Leads
    • Grouping Related Leads
    • Lead Storage and Documentation
  • The Request for Information Process
  • Conclusion
• 5. Fix
  • Intrusion Detection
    • Network Alerting
      • Alerting on reconnaissance
      • Alerting on delivery
        • Attachments
        • Links
        • Metadata
      • Alerting on command and control
        • Command and control via misuse of shared resources
        • No command-and-control malware
      • Alerting on impact
    • System Alerting
      • Alerting on exploitation
      • Alerting on installation
      • Alerting on impact
    • Fixing Road Runner
      • Network activity
  • Intrusion Investigation
    • Network Analysis
      • Traffic analysis
        • Applying intelligence to traffic analysis
        • Gathering data from traffic analysis
      • Signature-based analysis
        • Applying intelligence to signature-based analysis
        • Gathering data from signature-based analysis
      • Full content analysis
        • Applying intelligence to full content analysis
        • Gathering data from full content analysis
      • Learning more
    • Live Response
    • Memory Analysis
    • Disk Analysis
      • Applying intelligence to disk analysis
      • Gathering data from disk analysis
    • Enterprise Detection and Response
    • Malware Analysis
      • Basic static analysis
        • File selectors: Yara
      • Basic dynamic analysis
      • Advanced static analysis
      • Applying intelligence to malware analysis
      • Gathering data from malware analysis
      • Learning more about malware analysis
  • Scoping
  • Hunting
    • Developing Hypotheses
    • Testing Hypotheses
  • Conclusion
• 6. Finish
  • Finishing Is Not Hacking Back
  • Stages of Finish
    • Mitigate
      • Mitigating delivery
      • Mitigating command and control
      • Mitigating actions on objective
      • Mitigating Road Runner
    • Remediate
      • Remediating exploitation
      • Remediating installation
      • Remediating actions on objective
      • Remediating Road Runner
    • Rearchitect
      • Rearchitecting Road Runner
  • Taking Action
    • Deny
    • Disrupt
    • Degrade
    • Deceive
    • Destroy
  • Organizing Incident Data
    • Tools for Tracking Actions
      • Personal notes
      • The Spreadsheet of Doom
      • Third-party, non-purpose-built solutions
    • Purpose-Built Tools
  • Assessing the Damage
  • Monitoring Lifecycle
    • Creation
    • Testing
    • Deployment
    • Refinement
    • Retirement
  • Conclusion
• 7. Exploit
  • Tactical Versus Strategic OODA Loops
  • What to Exploit
  • Gathering Information
    • Information-Gathering Goals
    • Mining Previous Incidents
    • Gathering External Information (or, Conducting a Literature Review)
  • Extracting and Storing Threat Data
    • Standards for Storing Threat Data
    • Data Standards and Formats for Indicators
      • OASIS suite (aka STIX/TAXII)
        • STIX 1
        • STIX 2.X
        • TAXII
      • MILE Working Group
      • OpenIOC
    • Data Standards and Formats for Strategic Information
      • ATT&CK
      • VERIS
      • CAPEC
    • Process for Extracting
      • Step 1: Identify your goals
      • Step 2: Identify your tools
      • Step 3: Identify the system or process you will use
      • Step 4: Launch and iterate
  • Managing Information
    • Threat-Intelligence Platforms
      • MISP
      • CRITs
      • YETI
      • Commercial solutions
  • Conclusion
• 8. Analyze
  • The Fundamentals of Analysis
    • Dual Process Thinking
    • Deductive, Inductive, and Abductive Reasoning
      • Deductive reasoning
      • Inductive reasoning
      • Abductive reasoning
      • Whats the reasoning for talking about reasoning?
  • Analytic Processes and Methods
    • Structured Analytic Techniques (SATs)
      • Key Assumptions Check
      • Analysis of Competing Hypotheses
      • Indicator generation, validation, and evaluation
        • Prepare an indicator list
        • Validate and evaluate indicators
      • Contrarian techniques
        • Devils advocate
        • What if analysis
        • Red team analysis
      • Futures Wheel
    • Target-Centric Analysis
  • Conducting the Analysis
    • What to Analyze
    • Enriching Your Data
      • Enrichment sources
        • WHOIS information
        • Passive DNS information
        • Certificates
        • Malware information
      • Internal enrichment information
    • Leverage Information Sharing
    • Developing Your Hypothesis
    • Evaluating Key Assumptions
  • Things That Will Screw You Up (aka Analytic Bias)
    • Accounting for Biases
      • Confirmation bias
      • Anchoring bias
      • Availability bias
      • Bandwagon effect
      • Mirroring
  • Judgment and Conclusions
  • Conclusion
• 9. Disseminate
  • Intelligence Customer Goals
  • Audience
    • Executive Leadership Customer
    • Internal Technical Customers
    • External Technical Customers
    • Developing Customer Personas
  • Authors
  • Actionability
  • The Writing Process
    • Plan
    • Draft
      • Start with the thesis statement
      • Start with facts
      • Start with an outline or bullet points
    • Edit
  • Intelligence Product Formats
    • Short-Form Products
      • Event summary
      • Target package
      • IOC report
    • Long-Form Products
      • Malware report
      • Campaign report
      • Intelligence estimate
    • The RFI Process
      • RFI request
      • RFI response
      • RFI flow example
        • RFI request
        • RFI response
    • Automated Consumption Products
      • Unstructured/semi-structured IOCs
        • Road Runner unstructured IOCs
      • Network signatures with Snort
        • Road Runner network signatures
      • Filesystem signatures with Yara
      • Automated IOC formats
  • Establishing a Rhythm
    • Distribution
    • Feedback
    • Regular Products
  • Conclusion
• III. The Way Forward
• 10. Strategic Intelligence
  • What Is Strategic Intelligence?
  • The Role of Strategic Intelligence in Intelligence-Driven Incident Response
  • Intelligence Beyond Incident Response
    • Red Teaming
    • Vulnerability Management
    • Architecture and Engineering
    • Privacy, Safety, and Physical Security
  • Building a Frame with Strategic Intelligence
    • Models for Strategic Intelligence
      • Target models
        • Hierarchical models
        • Network models
        • Process models
        • Timelines
  • The Strategic Intelligence Cycle
    • Setting Strategic Requirements
    • Collection
      • Geopolitical sources
      • Economic sources
      • Historical sources
      • Business sources
    • Analysis
      • Processes for analyzing strategic intelligence
        • SWOT analysis
        • Brainstorming
        • Scrub down
    • Dissemination
  • Moving Toward Anticipatory Intelligence
  • Conclusion
• 11. Building an Intelligence Program
  • Are You Ready?
  • Planning the Program
    • Defining Stakeholders
      • Incident-response team
      • Security operations center/team
      • Vulnerability management teams
      • Red teams/offensive engineers
      • Trust and safety teams
      • Chief information security officers
      • End users
    • Defining Goals
    • Defining Success Criteria
    • Identifying Requirements and Constraints
    • Think Strategically
    • Defining Metrics
  • Stakeholder Personas
  • Tactical Use Cases
    • SOC Support
      • Detection and alerting engineering
      • Triage
      • Situational awareness
    • Indicator Management
      • Threat-intelligence platform management
      • Third-party intelligence and feeds management
      • Updating indicators
  • Operational Use Cases
    • Campaign Tracking
      • Identify the campaign focus
      • Identifying tools and tactics
      • Response support
  • Strategic Use Cases
    • Architecture Support
      • Improve defensibility
      • Focus defenses on threats
    • Risk Assessment/Strategic Situational Awareness
  • Strategic to Tactical or Tactical to Strategic?
    • Critical Information Needs
  • The Intelligence Team
    • Building a Diverse Team
    • Team and Process Development
  • Demonstrating Intelligence Program Value
  • Conclusion
• Index