Edition:
Authors: Valentina Palacin
Series:
ISBN: 9781838556372
Publisher: Packt Publishing
Year of publication: 2021
Number of pages:
Language: English
File format: EPUB (converted to PDF, EPUB or AZW3 at the user's request)
File size: 30 MB
If the author is Iranian, the book cannot be downloaded and the amount paid will be refunded.
If you need the file for Practical Threat Intelligence and Data-Driven Threat Hunting converted to PDF, EPUB, AZW3, MOBI or DJVU, notify support and they will convert the file for you.
Note that this copy of Practical Threat Intelligence and Data-Driven Threat Hunting is the original-language (English) edition, not a Persian translation. The International Library website offers original-language books only and does not provide any books translated into or written in Persian.
Get to grips with cyber threat intelligence and data-driven threat hunting while exploring expert tips and techniques.

Key Features
* Set up an environment to centralize all data in an Elasticsearch, Logstash, and Kibana (ELK) server that enables threat hunting
* Carry out atomic hunts to start the threat hunting process and understand the environment
* Perform advanced hunting using MITRE ATT&CK Evals emulations and Mordor datasets

Book Description
Threat hunting (TH) provides cybersecurity analysts and enterprises with the opportunity to proactively defend themselves by getting ahead of threats before they can cause major damage to their business.

This book is not only an introduction for those who don't know much about the cyber threat intelligence (CTI) and TH world, but also a guide for those with more advanced knowledge of other cybersecurity fields who are looking to implement a TH program from scratch.

You will start by exploring what threat intelligence is and how it can be used to detect and prevent cyber threats. As you progress, you'll learn how to collect data, along with understanding it by developing data models. The book will also show you how to set up an environment for TH using open source tools. Later, you will focus on how to plan a hunt with practical examples, before going on to explore the MITRE ATT&CK framework.

By the end of this book, you'll have the skills you need to be able to carry out effective hunts in your own environment.

What you will learn
* Understand what CTI is, its key concepts, and how it is useful for preventing threats and protecting your organization
* Explore the different stages of the TH process
* Model the data collected and understand how to document the findings
* Simulate threat actor activity in a lab environment
* Use the information collected to detect breaches and validate the results of your queries
* Use documentation and strategies to communicate processes to senior management and the wider business

Who this book is for
If you are looking to start out in the cyber intelligence and threat hunting domains and want to know more about how to implement a threat hunting division with open-source tools, then this cyber threat intelligence book is for you.
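The description above promises that the reader will collect endpoint data, model it, and use queries to detect breaches and validate results. The block below is an added example (not code from the book or from Packt) that shows what that data-driven loop looks like at its smallest: a hypothesis about encoded PowerShell launched from Office or cmd is written as a Sigma-style rule, the rule is evaluated over Sysmon process-creation events, and hits are tagged with the ATT&CK technique the hypothesis targets. The events, the field names and the rule are constructed for the example; only a subset of Sigma's field modifiers and only "X and Y" conditions are implemented, so it is a teaching reduction of what Sigma tooling and an ELK query would do, not a replacement for them.

```python
"""
Minimal data-driven hunt: evaluate a Sigma-style rule over Sysmon
Event ID 1 (process creation) records and tag hits with ATT&CK technique IDs.
Added example with constructed data; not the book's own code.
"""
import json
import re

# Constructed Sysmon Event ID 1 records, shaped like Winlogbeat JSON output.
# Field names are assumptions for this example, not an OSSEM or ECS mapping.
SAMPLE_EVENTS = [
    json.dumps({"event_id": 1, "host": "WS01",
                "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "parent_image": r"C:\Windows\System32\cmd.exe",
                "command_line": "powershell.exe -nop -w hidden -enc SQBFAFgA"}),
    json.dumps({"event_id": 1, "host": "WS01",
                "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "parent_image": r"C:\Windows\explorer.exe",
                "command_line": "powershell.exe Get-Process"}),
    json.dumps({"event_id": 1, "host": "SRV02",
                "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                "command_line": "powershell -EncodedCommand UwB0AGEAcgB0AC0A"}),
    json.dumps({"event_id": 3, "host": "SRV02",
                "image": r"C:\Windows\System32\svchost.exe"}),
]

# Hypothetical rule written in the shape of a Sigma detection block.
HUNT_RULE = {
    "title": "Encoded PowerShell spawned from Office or cmd",
    "tags": ["attack.execution", "attack.t1059.001"],
    "detection": {
        "selection": {
            "event_id": 1,
            "image|endswith": "\\powershell.exe",
            # -enc / -EncodedCommand followed by a base64-looking blob
            "command_line|re": r"(?i)(-enc(odedcommand)?)\s+[A-Za-z0-9+/=]{8,}",
        },
        "parent_filter": {
            "parent_image|endswith": ["\\winword.exe", "\\cmd.exe"],
        },
        "condition": "selection and parent_filter",
    },
}


def _match_field(event, key, expected):
    """Match one field; supports the |endswith, |contains and |re modifiers.
    A list of expected values means 'any of', as in Sigma."""
    field, _, modifier = key.partition("|")
    actual = event.get(field)
    if actual is None:
        return False  # missing field never matches
    for want in (expected if isinstance(expected, list) else [expected]):
        if modifier == "endswith" and str(actual).lower().endswith(str(want).lower()):
            return True
        if modifier == "contains" and str(want).lower() in str(actual).lower():
            return True
        if modifier == "re" and re.search(want, str(actual)):
            return True
        if modifier == "" and actual == want:
            return True
    return False


def _match_selection(event, selection):
    """All fields in a selection block must match."""
    return all(_match_field(event, k, v) for k, v in selection.items())


def evaluate(event, rule):
    """Evaluate the rule condition; only conjunctions of named blocks are supported."""
    det = rule["detection"]
    names = [n.strip() for n in det["condition"].split(" and ")]
    return all(_match_selection(event, det[n]) for n in names)


def hunt(raw_lines, rule):
    """Run the rule over raw JSON lines and return findings with ATT&CK tags."""
    findings = []
    for line in raw_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a malformed line must not abort the whole hunt
        if evaluate(event, rule):
            findings.append({
                "host": event["host"],
                "parent_image": event["parent_image"],
                "command_line": event["command_line"],
                "techniques": [t for t in rule["tags"] if t.startswith("attack.t")],
            })
    return findings


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS, HUNT_RULE):
        print(hit["host"], hit["parent_image"], "->", hit["command_line"], hit["techniques"])
```

The second event (plain `Get-Process` from explorer.exe) and the network event (ID 3) are left out of the findings; the two encoded-command launches from cmd.exe and WINWORD.EXE are reported with their T1059.001 tag, which is the result you would then validate against the lab activity that generated the logs before promoting the rule to production.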
Table of Contents

Cover
Title Page
Copyright and Credits
About Packt
Contributors
Table of Contents
Preface

Section 1: Cyber Threat Intelligence

Chapter 1: What Is Cyber Threat Intelligence?
    Cyber threat intelligence
    Strategic level
    Operational level
    Tactical level
    The intelligence cycle
    Planning and targeting
    Preparation and collection
    Processing and exploitation
    Analysis and production
    Dissemination and integration
    Evaluation and feedback
    Defining your intelligence requirements
    The collection process
    Indicators of compromise
    Understanding malware
    Using public sources for collection – OSINT
    Honeypots
    Malware analysis and sandboxing
    Processing and exploitation
    The Cyber Kill Chain®
    Bias and analysis
    Summary

Chapter 2: What Is Threat Hunting?
    Technical requirements
    What is threat hunting?
    Types of threat hunts
    The threat hunter skill set
    The Pyramid of Pain
    The Threat Hunting Maturity Model
    Determining our maturity model
    The threat hunting process
    The Threat Hunting Loop
    Threat Hunting Model
    The data-driven methodology
    TaHiTI – Targeted Hunting Integrating Threat Intelligence
    Building a hypothesis
    Summary

Chapter 3: Where Does Data Come From?
    Technical requirements
    Understanding the data that's been collected
    Operating systems basics
    Networking basics
    Windows-native tools
    Windows Event Viewer
    Windows Management Instrumentation (WMI)
    Event Tracing for Windows (ETW)
    Data sources
    Endpoint data
    Network data
    Security data
    Summary

Section 2: Understanding the Adversary

Chapter 4: Mapping the Adversary
    Technical requirements
    The ATT&CK Framework
    Tactics, techniques, sub-techniques, and procedures
    The ATT&CK Matrix
    The ATT&CK Navigator
    Mapping with ATT&CK
    Testing yourself
    Answers
    Summary

Chapter 5: Working with Data
    Technical requirements
    Using data dictionaries
    Open Source Security Events Metadata
    Using MITRE CAR
    CARET – The CAR Exploitation Tool
    Using Sigma
    Summary

Chapter 6: Emulating the Adversary
    Creating an adversary emulation plan
    What is adversary emulation?
    MITRE ATT&CK emulation plan
    Atomic Red Team
    Mordor
    Caldera
    Other tools
    Test yourself
    Answers
    Summary

Section 3: Working with a Research Environment

Chapter 7: Creating a Research Environment
    Technical requirements
    Setting up a research environment
    Installing VMware ESXI
    Creating our VLAN
    Configuring the firewall
    Installing Windows Server
    Configuring Windows Server as a domain controller
    Understanding the structure of Active Directory
    Giving the server's domain controller a status
    Configuring the DHCP server
    Creating organizational units
    Filling the users
    Creating groups
    Group Policy Objects
    Setting up our audit policy
    Adding new clients
    Setting up ELK
    Configuring Sysmon
    Retrieving the certificate
    Configuring Winlogbeat
    Looking for our data in the ELK instance
    Bonus – adding Mordor datasets to our ELK instance
    The HELK – an open source tool by Roberto Rodriguez
    Getting started with the HELK

Chapter 8: How to Query Data
    Technical requirements
    Atomic hunting with Atomic Red Team
    The Atomic Red Team testing cycle
    Testing for Initial Access
    Testing for Execution
    Testing for Persistence
    Testing for Privilege Escalation
    Testing for Defense Evasion
    Testing for Discovery
    Testing for Command and Control
    Invoke-AtomicRedTeam
    Quasar RAT
    Quasar RAT real-world use cases
    Executing and detecting Quasar RAT
    Testing for persistence
    Testing for credential access
    Testing for lateral movement
    Summary

Chapter 9: Hunting for the Adversary
    Technical requirements
    MITRE evaluations
    Importing APT29 datasets into HELK
    Hunting for APT29
    Using MITRE CALDERA
    Setting up CALDERA
    Executing an emulation plan with CALDERA
    Sigma rules
    Summary

Chapter 10: Importance of Documenting and Automating the Process
    The importance of documentation
    The key to writing good documentation
    Documenting your hunts
    The Threat Hunter Playbook
    The Jupyter Notebook
    Updating the hunting process
    The importance of automation
    Summary

Section 4: Communicating to Succeed

Chapter 11: Assessing Data Quality
    Technical requirements
    Distinguishing good-quality data from bad-quality data
    Data dimensions
    Improving data quality
    OSSEM Power-up
    DeTT&CT
    Sysmon-Modular
    Summary

Chapter 12: Understanding the Output
    Understanding the hunt results
    The importance of choosing good analytics
    Testing yourself
    Answers
    Summary

Chapter 13: Defining Good Metrics to Track Success
    Technical requirements
    The importance of defining good metrics
    How to determine the success of a hunting program
    Using MaGMa for Threat Hunting
    Summary

Chapter 14: Engaging the Response Team and Communicating the Result to Executives
    Getting the incident response team involved
    The impact of communication on the success of the threat hunting program
    Testing yourself
    Answers
    Summary

Appendix – The State of the Hunt
Other Books You May Enjoy
Index