You're reading from Effective Threat Investigation for SOC Analysts The ultimate guide to examining various threats and attacker techniques using security logs

Product type Paperback

Published in Aug 2023

Publisher Packt

ISBN-13 9781837634781

Length 314 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Mostafa Yahia

View More author details

Table of Contents (22) Chapters

Preface

1. Part 1: Email Investigation Techniques

2. Chapter 1: Investigating Email Threats FREE CHAPTER

3. Chapter 2: Email Flow and Header Analysis

4. Part 2: Investigating Windows Threats by Using Event Logs

5. Chapter 3: Introduction to Windows Event Logs

6. Chapter 4: Tracking Accounts Login and Management

7. Chapter 5: Investigating Suspicious Process Execution Using Windows Event Logs

8. Chapter 6: Investigating PowerShell Event Logs

9. Chapter 7: Investigating Persistence and Lateral Movement Using Windows Event Logs

10. Part 3: Investigating Network Threats by Using Firewall and Proxy Logs

11. Chapter 8: Network Firewall Logs Analysis

12. Chapter 9: Investigating Cyber Threats by Using the Firewall Logs

13. Chapter 10: Web Proxy Logs Analysis

14. Chapter 11: Investigating Suspicious Outbound Communications (C&C Communications) by Using Proxy Logs

15. Part 4: Investigating Other Threats and Leveraging External Sources to Investigate Cyber Threats

16. Chapter 12: Investigating External Threats

17. Chapter 13: Investigating Network Flows and Security Solutions Alerts

18. Chapter 14: Threat Intelligence in a SOC Analyst’s Day

19. Chapter 15: Malware Sandboxing – Building a Malware Sandbox

20. Index

Why subscribe?

21. Other Books You May Enjoy

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “In this case, the user executed a malicious Microsoft Word document named RS4_WinATP-Intro-Invoice(9).dotm, which spawned the PowerShell.exe process to download the stage two malware file named Win-ATP-Intro-Backdoor.exe.”

A block of code is set as follows:

A new process has been created.

Creator Subject:

     Security ID:  S-1-5-21-2431329721-3629005211-3263396425-1105

     Account Name:  mostafa.yahia

     Account Domain:  soc

     Logon ID:  0x89553D

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

SELECT username,password FROM users WHERE username='' or 1=1; --' and password='';

Any command-line input or output is written as follows:

SELECT username,password FROM users WHERE username='Mostafa' and password='123456';

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: “The second section is the Object section, which consists of the Object Server field and is always Security.”

Tips or important notes

Appear like this.

The rest of the chapter is locked

You're reading from Effective Threat Investigation for SOC Analysts The ultimate guide to examining various threats and attacker techniques using security logs

Table of Contents (22) Chapters

Conventions used

Authors (1)

Personalised recommendations for you

You're reading from Effective Threat Investigation for SOC Analysts The ultimate guide to examining various threats and attacker techniques using security logs

Table of Contents (22) Chapters

Conventions used

Unlock this book and the full library FREE for 7 days

Authors (1)

Personalised recommendations for you