Foro Wanako1
¿Quieres reaccionar a este mensaje? Regístrate en el foro con unos pocos clics o inicia sesión para continuar.

Foro Wanako1

Programas Gratuitos, Desatendidos y Mucho más!!!
 
PortalPortal  ÍndiceÍndice  BuscarBuscar  Últimas imágenesÚltimas imágenes  ConectarseConectarse  RegistrarseRegistrarse  
Buscar
 
 

Resultados por:
 
Rechercher Búsqueda avanzada
Los posteadores más activos del mes
missyou123
Sdf: Persistence Fast  Triage Vote_lcapSdf: Persistence Fast  Triage Voting_barSdf: Persistence Fast  Triage Vote_rcap 
tano1221
Sdf: Persistence Fast  Triage Vote_lcapSdf: Persistence Fast  Triage Voting_barSdf: Persistence Fast  Triage Vote_rcap 
ПΣӨƧӨFƬ
Sdf: Persistence Fast  Triage Vote_lcapSdf: Persistence Fast  Triage Voting_barSdf: Persistence Fast  Triage Vote_rcap 
大†Shinegumi†大
Sdf: Persistence Fast  Triage Vote_lcapSdf: Persistence Fast  Triage Voting_barSdf: Persistence Fast  Triage Vote_rcap 
ℛeℙ@¢ᴋ€r
Sdf: Persistence Fast  Triage Vote_lcapSdf: Persistence Fast  Triage Voting_barSdf: Persistence Fast  Triage Vote_rcap 
ronaldinho424
Sdf: Persistence Fast  Triage Vote_lcapSdf: Persistence Fast  Triage Voting_barSdf: Persistence Fast  Triage Vote_rcap 
Engh3
Sdf: Persistence Fast  Triage Vote_lcapSdf: Persistence Fast  Triage Voting_barSdf: Persistence Fast  Triage Vote_rcap 
geodasoft
Sdf: Persistence Fast  Triage Vote_lcapSdf: Persistence Fast  Triage Voting_barSdf: Persistence Fast  Triage Vote_rcap 
Noviembre 2024
LunMarMiérJueVieSábDom
    123
45678910
11121314151617
18192021222324
252627282930 
CalendarioCalendario
Últimos temas
» Surviving a School Shooting - Active Shooter
Sdf: Persistence Fast  Triage EmptyHoy a las 10:41 pm por missyou123

» Supply Chain Analytics Course: Unlock Data Driven Efficiency
Sdf: Persistence Fast  Triage EmptyHoy a las 10:38 pm por missyou123

» Sunlit Shark - Explore The Lifting Technique In Watercolor
Sdf: Persistence Fast  Triage EmptyHoy a las 10:36 pm por missyou123

» Soul Purpose Course
Sdf: Persistence Fast  Triage EmptyHoy a las 10:34 pm por missyou123

» Solving Social Anxiety at the Root
Sdf: Persistence Fast  Triage EmptyHoy a las 10:32 pm por missyou123

» Self-Guided Learning With Chatgpt: Learn Faster With Ai
Sdf: Persistence Fast  Triage EmptyHoy a las 10:30 pm por missyou123

» Secrets To Getting Pro Sounding Vocals In Fl Studio
Sdf: Persistence Fast  Triage EmptyHoy a las 10:28 pm por missyou123

» Reducing Work Stress - 2-Course Bundle
Sdf: Persistence Fast  Triage EmptyHoy a las 10:26 pm por missyou123

» QuickBooks Desktop For Landlords
Sdf: Persistence Fast  Triage EmptyHoy a las 10:24 pm por missyou123

Sondeo
Visita de Paises
free counters
Free counters

Comparte | 
 

 Sdf: Persistence Fast Triage

Ver el tema anterior Ver el tema siguiente Ir abajo 
AutorMensaje
missyou123
Miembro Mayor
Miembro Mayor


Mensajes : 78667
Fecha de inscripción : 21/08/2016

Sdf: Persistence Fast  Triage Empty
MensajeTema: Sdf: Persistence Fast Triage   Sdf: Persistence Fast  Triage EmptyVie Dic 23, 2022 12:29 pm


Sdf: Persistence Fast  Triage C34eb8b9668c3dfb68f8c34752639ea7

Published 12/2022
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.92 GB | Duration: 2h 51m

Practical Strategies for Security Incident Response

What you'll learn
Learn how to triage Windows systems for evidence of compromise quickly
Learn about key artifacts used for targeted persistence analysis
Learn Splunk logic for fast triage
Learn by doing - practical exercises - basic python with some powershell
Learn by doing - practical exercises - convert EVTX files to CSV with open-source tools
Requirements
Understanding of basic Windows security\ forensics
Understanding of the concept of a SIEM
Understanding of security incident response process\ goals
Basic understanding of CMD commands\ powershell commands\ python
Windows test system
Description
Research conducted on malicious campaigns found the successful establishment of a persistence mechanism(s) necessary for the attacker to achieve their goals. Installing persistence is a choke point in the attack method and provides an opportunity for detection through the analysis of affected system artifacts.The identification of a compromised system is a high priority. Discovering the compromise early during an investigation improves scoping, containment, mitigation, and remediation efforts. If persistence is not detected, it may reduce the perceived risk of the system. Either finding is valuable for making resource assignment decisions.This class teaches you how to utilize readily available artifacts to uncover persistence mechanisms quickly. Each module breaks down the artifact from a DFIR point of view, identifying key elements and analysis strategy guidelines along the way. Just about any forensic platform or security appliance may be used once you understand how to approach the artifact. Splunk is used to provide SIEM logic examples. Open-source tools, with a little python scripting, is used for the practical exercises. The completed python scripts are provided as well.The main artifact categories covers evidence that appears in investigations repeatedly:Windows event logs for servicesWindows event logs for scheduled tasks Windows registry autoruns and registry modification events.
Overview
Section 1: Introduction
Lecture 1 Intro & About Fast Triage
Lecture 2 About the Series
Lecture 3 About the Modules
Section 2: Triage concepts
Lecture 4 About malware patterns
Lecture 5 About frequency analysis
Lecture 6 About behavioral indicators
Section 3: Persistence Triage
Lecture 7 Overview
Lecture 8 Triage questions
Section 4: New Service Installations (7045 | 4697)
Lecture 9 About New Service Installations
Lecture 10 Key Event Elements
Lecture 11 Triage Guidelines
Lecture 12 Triage Example: New Service Names by Frequency
Lecture 13 Triage Example: New Service Names with Details
Lecture 14 Triage Example: New Service Names by Service Account
Lecture 15 Triage Example: New Service Names by Start Types
Lecture 16 Triage Example: New Service Names by Service Types
Lecture 17 Practical: Setup
Lecture 18 Practical: Converting EVTX to CSV
Lecture 19 Practical: Scoping results
Lecture 20 Practical: Python script for 7045 & 4697 events
Lecture 21 Practical: Python script results
Section 5: Service Failed to Start (7009)
Lecture 22 About Failed to Start events
Lecture 23 Triage Example
Section 6: Service Started (7035) or Stopped (7036)
Lecture 24 About service Start and Stop events
Lecture 25 Triage Example
Lecture 26 Practical: Setup
Lecture 27 Practical: Converting EVTX to CSV
Lecture 28 Practical: Scoping results
Lecture 29 Practical: Python script for 7036 events
Lecture 30 Practical: Python script results
Section 7: Service Start Type Changed (7040)
Lecture 31 About Start Type Change Events
Lecture 32 Triage Example
Section 8: Service Crashed (7034)
Lecture 33 About Service Crash Events
Lecture 34 Triage Example
Section 9: Service Event Timeline
Lecture 35 Service Event Timeline & Quiz
Section 10: New Scheduled Tasks (4698)
Lecture 36 About New Scheduled Tasks
Lecture 37 Key Event Elements
Lecture 38 Triage Guidelines
Lecture 39 Triage Example
Lecture 40 Practical: Setup
Lecture 41 Practical: Converting EVTX to CSV
Lecture 42 Practical: Scoping results
Lecture 43 Practical: Python script for 4698 events
Lecture 44 Practical: Python script results
Section 11: Scheduled Task Enabled (4700) | Updated (4702)
Lecture 45 About Scheduled Task Enabled and Updated Events
Lecture 46 Key Event Elements
Lecture 47 Triage Guidelines
Lecture 48 Triage Example
Section 12: Scheduled Task Disabled (4701) | Deleted (4699)
Lecture 49 About Scheduled Task Disabled and Deleted Events
Lecture 50 Key Event Elements
Lecture 51 Triage Guidelines
Lecture 52 Triage Example
Section 13: Registry Background for Triage
Lecture 53 Introduction
Lecture 54 About the registry
Lecture 55 Registry entry breakdown
Lecture 56 Run and RunOnce
Lecture 57 Boot execute
Lecture 58 Run services
Lecture 59 Startup items
Lecture 60 Policy settings
Lecture 61 WinLogon
Section 14: Registry modifications (4657)
Lecture 62 About registry modification events
Lecture 63 Key event elements
Lecture 64 Triage guidelines
Lecture 65 Triage example
Section 15: Conclusion
Lecture 66 Conclusion
New security incident response analysts,New SOC analysts,New threat hunters,Students,DFIR professionals

Sdf: Persistence Fast  Triage 4afc7f9f2111d413d1e07f9c89ae46b5

Download link

rapidgator.net:
Código:

https://rapidgator.net/file/5f3a78234e1236f66cff88bad6d21873/xgtje.Sdf.Persistence.Fast.Triage.part1.rar.html
https://rapidgator.net/file/f7f41ab45334b3d908fddb78a78b0007/xgtje.Sdf.Persistence.Fast.Triage.part2.rar.html
https://rapidgator.net/file/fd5e60717348d276b34f34e5b45bca2b/xgtje.Sdf.Persistence.Fast.Triage.part3.rar.html
https://rapidgator.net/file/5e90e9ef90bfe33678652ae4a5576c8b/xgtje.Sdf.Persistence.Fast.Triage.part4.rar.html

uploadgig.com:
Código:

https://uploadgig.com/file/download/08ffbb0a7DA5458D/xgtje.Sdf.Persistence.Fast.Triage.part1.rar
https://uploadgig.com/file/download/7743D5bc03a2746c/xgtje.Sdf.Persistence.Fast.Triage.part2.rar
https://uploadgig.com/file/download/84e1E2B1af8AfF16/xgtje.Sdf.Persistence.Fast.Triage.part3.rar
https://uploadgig.com/file/download/7f9a1c069B25b058/xgtje.Sdf.Persistence.Fast.Triage.part4.rar

nitroflare.com:
Código:

https://nitroflare.com/view/8A95790AB890E98/xgtje.Sdf.Persistence.Fast.Triage.part1.rar
https://nitroflare.com/view/855E08F8F9C4A2C/xgtje.Sdf.Persistence.Fast.Triage.part2.rar
https://nitroflare.com/view/AF8B7EFD16BE924/xgtje.Sdf.Persistence.Fast.Triage.part3.rar
https://nitroflare.com/view/9AFA3A898A80B31/xgtje.Sdf.Persistence.Fast.Triage.part4.rar

1dl.net:
Código:

https://1dl.net/oldxht7h3qrx/xgtje.Sdf.Persistence.Fast.Triage.part1.rar
https://1dl.net/ajs6cwimnzga/xgtje.Sdf.Persistence.Fast.Triage.part2.rar
https://1dl.net/lv5e2qlfd3np/xgtje.Sdf.Persistence.Fast.Triage.part3.rar
https://1dl.net/1q04ny1caisp/xgtje.Sdf.Persistence.Fast.Triage.part4.rar
Volver arriba Ir abajo
En línea
 

Sdf: Persistence Fast Triage

Ver el tema anterior Ver el tema siguiente Volver arriba 
Página 1 de 1.

 Temas similares

-
» Learn How to Multiply Fast (Fast Multiplication Techniques)
» Security Event Triage Detecting System Anomalies
» Security Event Triage: Monitoring Network Application Services
» Security Event Triage: Monitoring Network Application Services
» Security Event Triage Statistical Baselining with SIEM Data Integration

Permisos de este foro:No puedes responder a temas en este foro.
Foro Wanako1 :: Programas o Aplicaciónes :: Ayuda, Tutoriales-