فهرست مطالب

• Incident Response for Windows
• Foreword
• Contributors
• About the authors
• About the reviewer
• Preface
• Part 1: Understanding the Threat Landscape and Attack Life Cycle
• Chapter 1: Introduction to the Threat Landscape
• Getting familiar with the cyber threat landscape
• Types of threat actors and their motivations
• Building the cyber threat landscape
• Summary
• Chapter 2: Understanding the Attack Life Cycle
• Phase 1 – gaining an initial foothold
• Phase 2
• Phase 3
• Data exfiltration
• Impact
• Summary
• Part 2: Incident Response Procedures and Endpoint Forensic Evidence Collection
• Chapter 3: Phases of an Efficient Incident Response on Windows Infrastructure
• Incident response roles, resources, and problem statements
• Preparation and planning – developing an effective incident response plan
• Detection and verification – identifying, assessing, and confirming cybersecurity incidents targeting Windows systems
• Incident analysis and containment – investigating and stopping the spread of cyberattacks
• Eradication and recovery – removing the intrusion signs and getting back to normal
• Summary
• Chapter 4: Endpoint Forensic Evidence Collection
• Introduction to endpoint evidence collection
• Collecting data from the endpoints
• Scaling forensic evidence collection
• Summary
• Part 3: Incident Analysis and Threat Hunting on Windows Systems
• Chapter 5: Gaining Access to the Network
• Exploiting public-facing applications
• External remote services
• Spear phishing attacks
• Drive-by compromise
• Other initial access techniques
• Summary
• Chapter 6: Establishing a Foothold
• Methods of post-exploitation
• Maintaining persistent access on Windows systems
• Understanding C2 communication channels
• Summary
• Chapter 7: Network and Key Assets Discovery
• Techniques to discover the Windows environment
• Detecting discovery
• Interim data exfiltration
• Summary
• Chapter 8: Network Propagation
• Lateral movement in the Windows environment
• Detecting lateral movement
• Cyclicity of intermediate stages
• Summary
• Chapter 9: Data Collection and Exfiltration
• Types of data targeted by attackers
• Techniques to perform data collection
• Techniques to perform data exfiltration
• Detecting data collection and exfiltration
• Summary
• Chapter 10: Impact
• Types of impact
• Impact assessment
• Mitigating the impact
• Summary
• Chapter 11: Threat Hunting and Analysis of TTPs
• An overview of threat hunting
• Leveraging cyber threat intelligence
• Hunting for threats on Windows systems
• Anomaly detection – spotting intrusions in Windows environments
• Building a threat hunting practice – roles and skills
• Summary
• Part 4: Incident Investigation Management and Reporting
• Chapter 12: Incident Containment, Eradication, and Recovery
• The prerequisites and process of incident containment
• The prerequisites and process of incident eradication
• Prerequisites and process of incident recovery
• Preparing incident remediation playbooks
• Summary
• Chapter 13: Incident Investigation Closure and Reporting
• Incident closure
• Incident documentation
• Lessons learned
• External cybersecurity incident escalation channels
• Summary
• Index
• Other Books You May Enjoy