Security Event Triage: Analyzing Live System Process and Files

Focused View

Cristian Pascariu

1:34:13

92 View

1 - Course Overview

1. Course Overview.mp4

01:54

2 - Defining Live System Analysis

1. Introduction.mp4

02:00

2. Addressing the Gaps of Traditional Security Capabilities.mp4

01:57

3. Defining Live System Analysis.mp4

04:11

4. Performing Live System Analysis.mp4

06:00

5. Progressing on the Security Event Triage Path.mp4

01:56

3 - Analyzing Host-based Indicators

01. Introduction.mp4

00:56

02. File Analysis Basics.mp4

03:40

03. Demo - Analyzing Files with Linux Command Line Tools.mp4

02:37

04. Analyzing Encoded Payloads.mp4

04:20

05. Investigating Malicious Use of Alternate Data Streams.mp4

04:04

06. Detecting Persistence via the Windows Registry.mp4

04:06

07. Detecting Persistence on Linux.mp4

01:27

08. Performing Live System Analysis on Linux.mp4

04:24

09. Signature-based Detection with Osquery.mp4

03:53

10. Leverage File Integrity Monitoring to Detect File Exfiltration.mp4

02:12

11. Module Overview.mp4

01:03

4 - Analyzing Live Processes and Services

1. Intro.mp4

01:35

2. Windows Processes and Services.mp4

03:50

3. Identify Process Anomalies on Linux.mp4

02:55

4. Analyzing Process Injection Techniques.mp4

04:27

5. Demo - Detecting Process Injection with Sysmon.mp4

02:04

6. Analyzing Process Hollowing.mp4

01:43

7. Demo - Detecting Process Tampering with Sysmon.mp4

03:38

5 - Leveraging Memory Analysis

1. Intro.mp4

02:34

2. Correlating Network Activity with Running Processes.mp4

04:59

3. Demo - Correlating Network Events to Discover Lateral Mvement.mp4

04:57

4. Set Analyzing Live System Process Files.mp4

03:11

5. Demo - Detecting Malicious Processes with Volatility.mp4

02:54

6 - Correlating Security Events

1. Summarizing Globomantics Security Incidents.mp4

02:06

2. Correlating Events at Scale.mp4

01:02

3. Additional Resources.mp4

01:38

Exercise Files

set-analyzing-live-system-process-files.zip

Description

Traditional forensic analysis on endpoints is outpaced by modern attack techniques. This course will teach you how to efficiently identify and investigate malicious activity by performing live system analysis on processes and files.

What You'll Learn?

Covert attack techniques coupled with the use of legitimate processes and utilities require more advanced detection and analysis techniques. In this course, Security Event Triage: Analyzing Live System Process and Files, you’ll learn how to leverage endpoint detection tools and techniques to detect attacks that bypass traditional signature and rule-based capabilities. First, you’ll explore how malware establishes persistence on disk or via the registry. Next, you’ll discover how to detect malware that injects itself into legitimate processes. Finally, you’ll learn how to correlate running processes with network connections to identify malicious processes but also C2 communication channels. When you’re finished with this course, you’ll have the skills and knowledge of live system analysis needed for Continuous monitoring and detection.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Network Security

Information Security

Cristian Pascariu

Instructor's Courses

Cristian took part in auditing and implementation of infosec capabilities to uplift security posture. He managed codification efforts to extract indicators of compromise and created rules in the scope of defending against new emerging threats. He has also developed tools and scripts to overcome security gaps within the corporate network. Cristian has mentored L1 and L2 analysts to increase triage efficiency and combat new threats. He has experience in the field of Application Security and has provided Source Code Auditing for AAA game titles on mobile and PC platforms. Cristian has delivered Secure Coding training to development teams based on common SDLC pitfalls and industry best practices.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.