You're reading from Incident Response for Windows Adapt effective strategies for managing sophisticated cyberattacks targeting Windows systems

Product type Paperback

Published in Aug 2024

Publisher Packt

ISBN-13 9781804619322

Length 244 pages

Edition 1st Edition

Concepts

Cybersecurity

Authors (2):

Anatoly Tykushin

Svetlana Ostrovskaya

View More author details

Table of Contents (20) Chapters

Preface

1. Part 1: Understanding the Threat Landscape and Attack Life Cycle

2. Chapter 1: Introduction to the Threat Landscape FREE CHAPTER

3. Chapter 2: Understanding the Attack Life Cycle

4. Part 2: Incident Response Procedures and Endpoint Forensic Evidence Collection

5. Chapter 3: Phases of an Efficient Incident Response on Windows Infrastructure

6. Chapter 4: Endpoint Forensic Evidence Collection

7. Part 3: Incident Analysis and Threat Hunting on Windows Systems

8. Chapter 5: Gaining Access to the Network

9. Chapter 6: Establishing a Foothold

10. Chapter 7: Network and Key Assets Discovery

11. Chapter 8: Network Propagation

12. Chapter 9: Data Collection and Exfiltration

13. Chapter 10: Impact

14. Chapter 11: Threat Hunting and Analysis of TTPs

15. Part 4: Incident Investigation Management and Reporting

16. Chapter 12: Incident Containment, Eradication, and Recovery

17. Chapter 13: Incident Investigation Closure and Reporting

18. Index

Why subscribe?

19. Other Books You May Enjoy

Other initial access techniques

In addition to the initial access techniques described previously, threat actors may use Trusted Relationship (T1199) to exploit connections between individuals, networks, or systems. In this case, depending on the specific situation, the traceback process will be a different combination of some methods described earlier. The main difference is that the source of the malicious activity will be a trusted source. This could be service providers (SPs), partners, third-party solutions used within the organization, or companies within the same holding company. For example, LAPSUS$ in certain attacks used Azure Active Directory and Okta to infiltrate the target infrastructure (https://www.techtarget.com/searchsecurity/news/252515022/Microsoft-confirms-breach-attributes-attack-to-Lapsus), and in the case of SolarWinds, threat actors used compromised Mimecast certificates to authenticate to their customers (https://www.mimecast.com/incident-report/).

Replication...

The rest of the chapter is locked

You're reading from Incident Response for Windows Adapt effective strategies for managing sophisticated cyberattacks targeting Windows systems

Table of Contents (20) Chapters

Other initial access techniques

Unlock this book and the full library FREE for 7 days

Authors (2)

Personalised recommendations for you