Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Conventions used
• Disclaimer
• Get in touch
• Share Your Thoughts

1. Part 1: Email Investigation Techniques

2. Chapter 1: Investigating Email Threats FREE CHAPTER

• Top infection vectors
• Why do attackers prefer phishing emails to gain initial access?
• Email threat types
• Attacker techniques to evade email security detection
• Social engineering techniques to trick the victim
• The anatomy of secure email gateway logs
• Investigating suspicious emails
• Summary

3. Chapter 2: Email Flow and Header Analysis

• Email flow
• Email header analysis
• Investigating the email header of a spoofed message
• Summary

4. Part 2: Investigating Windows Threats by Using Event Logs

5. Chapter 3: Introduction to Windows Event Logs

• Windows event types
• Windows event log analysis tools
• The investigative approach for this part of the book
• Summary

6. Chapter 4: Tracking Accounts Login and Management

• Account login tracking
• Login validation events
• Account and group management tracking
• Summary

7. Chapter 5: Investigating Suspicious Process Execution Using Windows Event Logs

• Introduction to Windows processes
• Windows process types
• Windows Process Tracking events
• Investigating suspicious process executions
• Summary

8. Chapter 6: Investigating PowerShell Event Logs

• Introducing PowerShell
• PowerShell execution tracking events
• Investigating PowerShell attacks
• Summary

9. Chapter 7: Investigating Persistence and Lateral Movement Using Windows Event Logs

• Understanding and investigating persistence techniques
• Understanding and investigating lateral movement techniques
• Summary

10. Part 3: Investigating Network Threats by Using Firewall and Proxy Logs

11. Chapter 8: Network Firewall Logs Analysis

• Firewall logs value
• Firewall logs anatomy
• Summary

12. Chapter 9: Investigating Cyber Threats by Using the Firewall Logs

• Investigating reconnaissance attacks
• Investigating lateral movement attacks
• Investigating C&C and exfiltration attacks
• Investigating DoS attacks
• Summary

13. Chapter 10: Web Proxy Logs Analysis

• Understanding the value of proxy logs
• The significance of proxy log investigation
• The anatomy of proxy logs
• Summary

14. Chapter 11: Investigating Suspicious Outbound Communications (C&C Communications) by Using Proxy Logs

• Suspicious outbound communications alerts
• Investigating suspicious outbound communications (C&C communications)
• Summary

15. Part 4: Investigating Other Threats and Leveraging External Sources to Investigate Cyber Threats

16. Chapter 12: Investigating External Threats

• Investigating web attacks
• Investigating suspicious external access to the remote services
• Summary

17. Chapter 13: Investigating Network Flows and Security Solutions Alerts

• Investigating network flows
• Investigating IPS/IDS alerts
• Investigating endpoint security solutions alerts
• Investigating network sandbox and AV alerts
• Summary

18. Chapter 14: Threat Intelligence in a SOC Analyst’s Day

• Introduction to threat intelligence
• Investigating threats using VirusTotal
• Investigating threats using IBM X-Force Exchange
• Investigating suspicious inbound IPs using AbuseIPDB
• Investigating threats using Google
• Summary

19. Chapter 15: Malware Sandboxing – Building a Malware Sandbox

• Introducing the sandbox technology
• Required tools for analysis
• Preparing the guest VM
• Analysis tools in action
• Hands-on demo lab
• Summary

20. Index

• Why subscribe?

21. Other Books You May Enjoy

• Packt is searching for authors like you
• Share Your Thoughts
• Download a free PDF copy of this book