Effective Threat Investigation for SOC Analysts - Mostafa Yahia

Effective Threat Investigation for SOC Analysts

The ultimate guide to examining various threats and attacker techniques using security logs

(Autor)

Buch | Softcover
314 Seiten
2023
Packt Publishing Limited (Verlag)
978-1-83763-478-1 (ISBN)
56,10 inkl. MwSt
Detect and investigate various cyber threats and techniques carried out by malicious actors by analyzing logs generated from different sources
Purchase of the print or Kindle book includes a free PDF eBook

Key Features

Understand and analyze various modern cyber threats and attackers' techniques
Gain in-depth knowledge of email security, Windows, firewall, proxy, WAF, and security solution logs
Explore popular cyber threat intelligence platforms to investigate suspicious artifacts

Book DescriptionEffective threat investigation requires strong technical expertise, analytical skills, and a deep understanding of cyber threats and attacker techniques. It's a crucial skill for SOC analysts, enabling them to analyze different threats and identify security incident origins. This book provides insights into the most common cyber threats and various attacker techniques to help you hone your incident investigation skills.
The book begins by explaining phishing and email attack types and how to detect and investigate them, along with Microsoft log types such as Security, System, PowerShell, and their events. Next, you’ll learn how to detect and investigate attackers' techniques and malicious activities within Windows environments. As you make progress, you’ll find out how to analyze the firewalls, flows, and proxy logs, as well as detect and investigate cyber threats using various security solution alerts, including EDR, IPS, and IDS. You’ll also explore popular threat intelligence platforms such as VirusTotal, AbuseIPDB, and X-Force for investigating cyber threats and successfully build your own sandbox environment for effective malware analysis.
By the end of this book, you’ll have learned how to analyze popular systems and security appliance logs that exist in any environment and explore various attackers' techniques to detect and investigate them with ease.What you will learn

Get familiarized with and investigate various threat types and attacker techniques
Analyze email security solution logs and understand email flow and headers
Practically investigate various Windows threats and attacks
Analyze web proxy logs to investigate C&C communication attributes
Leverage WAF and FW logs and CTI to investigate various cyber attacks

Who this book is forThis book is for Security Operation Center (SOC) analysts, security professionals, cybersecurity incident investigators, incident handlers, incident responders, or anyone looking to explore attacker techniques and delve deeper into detecting and investigating attacks. If you want to efficiently detect and investigate cyberattacks by analyzing logs generated from different log sources, then this is the book for you. Basic knowledge of cybersecurity and networking domains and entry-level security concepts are necessary to get the most out of this book.

Mostafa Yahia is a skilled and motivated threat investigator and hunter with a wealth of experience investigating and hunting down various cyber threats. He is a proven leader in building and leading cybersecurity-managed services such as SOC and threat-hunting services. Mostafa holds a bachelor's degree in computer science, which he earned in 2016, and has furthered his education by earning multiple industry-recognized certifications, including GCFA, GCIH, CCNA, and IBM QRadar. In addition to his professional work, Mostafa also shares his knowledge through free courses and lessons on his YouTube channel. Currently, he serves as the senior lead for cyber defence services in an MSSP company, overseeing SOC, TH, DFIR, and CA services.

Table of Contents

Investigating Email Threats
Email Flow and Header Analysis
Introduction to Windows Event Logs
Tracking Accounts Login and Management
Investigating Suspicious Process Execution Using Windows Event Logs
Investigating PowerShell Event Logs
Investigating Persistence and Lateral Movement Using Windows Event Logs
Network Firewall Logs Analysis
Investigating Cyber Threats by Using the Firewall Logs
Web Proxy Logs Analysis
Investigating Suspicious Outbound Communications (C&C Communications) by Using Proxy Logs
Investigating External Threats
Investigating Network Flows and Security Solutions Alerts
Threat Intelligence in a SOC Analyst's Day
Malware Sandboxing – Building a Malware Sandbox

Erscheinungsdatum
Verlagsort Birmingham
Sprache englisch
Maße 191 x 235 mm
Themenwelt Informatik Betriebssysteme / Server Windows
Informatik Netzwerke Sicherheit / Firewall
ISBN-10 1-83763-478-5 / 1837634785
ISBN-13 978-1-83763-478-1 / 9781837634781
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Insider-Wissen – praxisnah & kompetent

von Ed Bott

Buch | Hardcover (2023)
dpunkt (Verlag)
44,90
Daten abfragen und verarbeiten mit Excel und Power BI

von Ignaz A. Schels

Buch (2023)
Hanser (Verlag)
49,99