Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Conventions used
• Get in touch
• Share Your Thoughts

1. Part 1: Understanding the Threat Landscape and Attack Life Cycle

2. Chapter 1: Introduction to the Threat Landscape FREE CHAPTER

• Getting familiar with the cyber threat landscape
• Types of threat actors and their motivations
• Building the cyber threat landscape
• Summary

3. Chapter 2: Understanding the Attack Life Cycle

• Phase 1 – gaining an initial foothold
• Phase 2
• Phase 3
• Data exfiltration
• Impact
• Summary

4. Part 2: Incident Response Procedures and Endpoint Forensic Evidence Collection

5. Chapter 3: Phases of an Efficient Incident Response on Windows Infrastructure

• Incident response roles, resources, and problem statements
• Preparation and planning – developing an effective incident response plan
• Detection and verification – identifying, assessing, 
and confirming cybersecurity incidents targeting Windows systems
• Incident analysis and containment – investigating and stopping the spread of cyberattacks
• Eradication and recovery – removing the intrusion signs and getting back to normal
• Summary

6. Chapter 4: Endpoint Forensic Evidence Collection

• Introduction to endpoint evidence collection
• Collecting data from the endpoints
• Scaling forensic evidence collection
• Summary

7. Part 3: Incident Analysis and Threat Hunting on Windows Systems

8. Chapter 5: Gaining Access to the Network

• Exploiting public-facing applications
• External remote services
• Spear phishing attacks
• Drive-by compromise
• Other initial access techniques
• Summary

9. Chapter 6: Establishing a Foothold

• Methods of post-exploitation
• Maintaining persistent access on Windows systems
• Understanding C2 communication channels
• Summary

10. Chapter 7: Network and Key Assets Discovery

• Techniques to discover the Windows environment
• Detecting discovery
• Interim data exfiltration
• Summary

11. Chapter 8: Network Propagation

• Lateral movement in the Windows environment
• Detecting lateral movement
• Cyclicity of intermediate stages
• Summary

12. Chapter 9: Data Collection and Exfiltration

• Types of data targeted by attackers
• Techniques to perform data collection
• Techniques to perform data exfiltration
• Detecting data collection and exfiltration
• Summary

13. Chapter 10: Impact

• Types of impact
• Impact assessment
• Mitigating the impact
• Summary

14. Chapter 11: Threat Hunting and Analysis of TTPs

• An overview of threat hunting
• Leveraging cyber threat intelligence
• Hunting for threats on Windows systems
• Anomaly detection – spotting intrusions in Windows environments
• Building a threat hunting practice – roles and skills
• Summary

15. Part 4: Incident Investigation Management and Reporting

16. Chapter 12: Incident Containment, Eradication, and Recovery

• The prerequisites and process of incident containment
• The prerequisites and process of incident eradication
• Prerequisites and process of incident recovery
• Preparing incident remediation playbooks
• Summary

17. Chapter 13: Incident Investigation Closure and Reporting

• Incident closure
• Incident documentation
• Lessons learned
• External cybersecurity incident escalation channels
• Summary

18. Index

• Why subscribe?

19. Other Books You May Enjoy

• Packt is searching for authors like you
• Share Your Thoughts
• Download a free PDF copy of this book