ورود به حساب

نام کاربری گذرواژه

گذرواژه را فراموش کردید؟ کلیک کنید

حساب کاربری ندارید؟ ساخت حساب

ساخت حساب کاربری

نام نام کاربری ایمیل شماره موبایل گذرواژه

برای ارتباط با ما می توانید از طریق شماره موبایل زیر از طریق تماس و واتساپ با ما در ارتباط باشید


09117307688 اتصال به واتساپ
09117179751 اتصال به واتساپ

در صورت ضروری بودن درخواست با پشتیبان تماس حاصل نمایید، پشتیبانی از طریق واتساپ ممکن است کمی طول بکشد

دسترسی نامحدود

برای کاربرانی که ثبت نام کرده اند

ضمانت بازگشت وجه

درصورت عدم همخوانی توضیحات با کتاب

پشتیبانی

از ساعت 7 صبح تا 10 شب

دانلود کتاب Practical Threat Intelligence and Data-Driven Threat Hunting

دانلود کتاب هوش تهدید عملی و شکار تهدید مبتنی بر داده

Practical Threat Intelligence and Data-Driven Threat Hunting

مشخصات کتاب

Practical Threat Intelligence and Data-Driven Threat Hunting

ویرایش:  
نویسندگان:   
سری:  
ISBN (شابک) : 9781838556372 
ناشر: Packt Publishing 
سال نشر: 2021 
تعداد صفحات:  
زبان: English 
فرمت فایل : EPUB (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود) 
حجم فایل: 30 Mb 

قیمت کتاب (تومان) : 55,000



ثبت امتیاز به این کتاب

میانگین امتیاز به این کتاب :
       تعداد امتیاز دهندگان : 4


در صورت تبدیل فایل کتاب Practical Threat Intelligence and Data-Driven Threat Hunting به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.

توجه داشته باشید کتاب هوش تهدید عملی و شکار تهدید مبتنی بر داده نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.


توضیحاتی در مورد کتاب هوش تهدید عملی و شکار تهدید مبتنی بر داده

ضمن کاوش نکات و تکنیک‌های متخصص، با اطلاعات تهدیدات سایبری و شکار تهدید مبتنی بر داده آشنا شوید ویژگی‌های کلیدی* محیطی را برای متمرکز کردن تمام داده‌ها در سرور Elasticsearch، Logstash و Kibana (ELK) تنظیم کنید که شکار تهدید را امکان‌پذیر می‌کند* شکار اتمی را انجام دهید برای شروع فرآیند شکار تهدید و درک محیط* شکار پیشرفته را با استفاده از MITER ATT انجام دهید


توضیحاتی درمورد کتاب به خارجی

Get to grips with cyber threat intelligence and data-driven threat hunting while exploring expert tips and techniquesKey Features* Set up an environment to centralize all data in an Elasticsearch, Logstash, and Kibana (ELK) server that enables threat hunting* Carry out atomic hunts to start the threat hunting process and understand the environment* Perform advanced hunting using MITRE ATT&CK Evals emulations and Mordor datasetsBook DescriptionThreat hunting (TH) provides cybersecurity analysts and enterprises with the opportunity to proactively defend themselves by getting ahead of threats before they can cause major damage to their business.This book is not only an introduction for those who don\'t know much about the cyber threat intelligence (CTI) and TH world, but also a guide for those with more advanced knowledge of other cybersecurity fields who are looking to implement a TH program from scratch.You will start by exploring what threat intelligence is and how it can be used to detect and prevent cyber threats. As you progress, you\'ll learn how to collect data, along with understanding it by developing data models. The book will also show you how to set up an environment for TH using open source tools. Later, you will focus on how to plan a hunt with practical examples, before going on to explore the MITRE ATT&CK framework.By the end of this book, you\'ll have the skills you need to be able to carry out effective hunts in your own environment.What you will learn* Understand what CTI is, its key concepts, and how it is useful for preventing threats and protecting your organization* Explore the different stages of the TH process* Model the data collected and understand how to document the findings* Simulate threat actor activity in a lab environment* Use the information collected to detect breaches and validate the results of your queries* Use documentation and strategies to communicate processes to senior management and the wider businessWho this book is forIf you are looking to start out in the cyber intelligence and threat hunting domains and want to know more about how to implement a threat hunting division with open-source tools, then this cyber threat intelligence book is for you.



فهرست مطالب

Cover
Title Page
Copyright and Credits
About Packt
Contributors
Table of Contents
Preface
Section 1: Cyber Threat Intelligence
Chapter 1: What Is Cyber Threat Intelligence?
	Cyber threat intelligence
		Strategic level
		Operational level
		Tactical level
	The intelligence cycle
		Planning and targeting
		Preparation and collection
		Processing and exploitation
		Analysis and production
		Dissemination and integration
		Evaluation and feedback
	Defining your intelligence requirements
	The collection process
		Indicators of compromise
		Understanding malware
		Using public sources for collection – OSINT
		Honeypots
		Malware analysis and sandboxing
	Processing and exploitation
		The Cyber Kill Chain®
	Bias and analysis
	Summary
Chapter 2: What Is Threat Hunting?
	Technical requirements
	What is threat hunting?
		Types of threat hunts
		The threat hunter skill set
		The Pyramid of Pain
	The Threat Hunting Maturity Model
		Determining our maturity model
	The threat hunting process
		The Threat Hunting Loop
		Threat Hunting Model
		The data-driven methodology
		TaHiTI – Targeted Hunting Integrating Threat Intelligence
	Building a hypothesis
	Summary
Chapter 3: Where Does Data Come From?
	Technical requirements
	Understanding the data that's been collected
		Operating systems basics
		Networking basics
	Windows-native tools
		Windows Event Viewer
		Windows Management Instrumentation (WMI)
		Event Tracing for Windows (ETW)
	Data sources
		Endpoint data
		Network data
		Security data
	Summary
Section 2: Understanding the Adversary
Chapter 4: Mapping the Adversary
	Technical requirements
	The ATT&CK Framework
		Tactics, techniques, sub-techniques, and procedures
		The ATT&CK Matrix
		The ATT&CK Navigator
	Mapping with ATT&CK
	Testing yourself
		Answers
	Summary
Chapter 5: Working with Data
	Technical requirements
	Using data dictionaries
		Open Source Security Events Metadata
	Using MITRE CAR
		CARET – The CAR Exploitation Tool
	Using Sigma
	Summary
Chapter 6: Emulating the Adversary
	Creating an adversary emulation plan
		What is adversary emulation?
		MITRE ATT&CK emulation plan
		Atomic Red Team
		Mordor
		Caldera
		Other tools
	Test yourself
		Answers
	Summary
Section 3: Working with a Research Environment
Chapter 7: Creating a Research Environment
	Technical requirements
	Setting up a research environment
	Installing VMware ESXI
		Creating our VLAN
		Configuring the firewall
	Installing Windows Server
	Configuring Windows Server as a domain controller
		Understanding the structure of Active Directory
		Giving the server's domain controller a status
		Configuring the DHCP server
		Creating organizational units
		Filling the users
		Creating groups
		Group Policy Objects
		Setting up our audit policy
		Adding new clients
	Setting up ELK
		Configuring Sysmon
		Retrieving the certificate
	Configuring Winlogbeat
		Looking for our data in the ELK instance
	Bonus – adding Mordor datasets to our ELK instance
	The HELK – an open source tool by Roberto Rodriguez
		Getting started with the HELK
Chapter 8: How to Query Data
	Technical requirements
	Atomic hunting with Atomic Red Team
	The Atomic Red Team testing cycle
		Testing for Initial Access
		Testing for Execution
		Testing for Persistence
		Testing for Privilege Escalation
		Testing for Defense Evasion
		Testing for Discovery
		Testing for Command and Control
		Invoke-AtomicRedTeam
	Quasar RAT
		Quasar RAT real-world use cases
		Executing and detecting Quasar RAT
		Testing for persistence
		Testing for credential access
		Testing for lateral movement
	Summary
Chapter 9: Hunting for the Adversary
	Technical requirements
	MITRE evaluations
		Importing APT29 datasets into HELK
		Hunting for APT29
	Using MITRE CALDERA
		Setting up CALDERA
		Executing an emulation plan with CALDERA
	Sigma rules
	Summary
Chapter 10: Importance of Documenting and Automating the Process
	The importance of documentation
		The key to writing good documentation
		Documenting your hunts
	The Threat Hunter Playbook
	The Jupyter Notebook
	Updating the hunting process
	The importance of automation
	Summary
Section 4: Communicating to Succeed
Chapter 11: Assessing Data Quality
	Technical requirements
	Distinguishing good-quality data from bad-quality data
		Data dimensions
	Improving data quality
		OSSEM Power-up
		DeTT&CT
		Sysmon-Modular
	Summary
Chapter 12: Understanding the Output
	Understanding the hunt results
	The importance of choosing good analytics
	Testing yourself
		Answers
	Summary
Chapter 13: Defining Good Metrics to Track Success
	Technical requirements
	The importance of defining good metrics
	How to determine the success of a hunting program
		Using MaGMa for Threat Hunting
	Summary
Chapter 14: Engaging the Response Team and Communicating the Result to Executives
	Getting the incident response team involved
	The impact of communication on the success of the threat hunting program
	Testing yourself
		Answers
	Summary
Appendix – The State of the Hunt
Other Books You May Enjoy
Index




نظرات کاربران