Security Event Triage: Detecting System Anomalies

Aaron Rosenmund

1:47:42
  • 00. Course Overview.mp4
    01:52
  • 00. Introducing Telemetry Data.mp4
    02:36
  • 01. Why Are You Doing This - .mp4
    04:46
  • 02. What System Data Looks Like.mp4
    09:34
  • 03. Where to Get System Data From.mp4
    01:22
  • 04. What Anomalies Are You Trying to Find - .mp4
    01:42
  • 05. Roadmap to System Data Analysis.mp4
    00:55
  • 00. Introduction to Basic Computer Resource Monitoring.mp4
    02:18
  • 01. Collecting and Normalizing Basic Telemetry Data for Security.mp4
    06:18
  • 02. If I Had the Bots, How Would I Know - .mp4
    02:06
  • 03. Detecting Post Exploitation Botnet Activity.mp4
    11:28
  • 04. Advanced Persistent Threats Are Worse Than Bots.mp4
    03:01
  • 05. Listen to My Hard Drive Yourself.mp4
    02:02
  • 06. Detection for Attack Techniques and What Is Next.mp4
    06:29
  • 00. Introduction to Crypto Jacking, Mining, and Loot.mp4
    01:52
  • 01. How Crypto Mining Attacks Work and Where to Find Them.mp4
    03:49
  • 02. Detecting Browser Based Cryptojacking and GPU Mining across a Live Environment.mp4
    12:53
  • 03. Describing Behavioral Detection of GPU Abuse.mp4
    02:59
  • 00. Introduction to Fan and Power Side Channels.mp4
    01:39
  • 01. How Air Gap Hopping without USB Works.mp4
    03:11
  • 02. Demonstrating Air Gap Hopping with Fan Speeds and How to Catch It.mp4
    03:30
  • 03. How Could You Possibly Find Hardware Supply Chain Interdiction - .mp4
    03:29
  • 04. Detecting Anomalous Hardware Configurations through Power Usage Anomalies.mp4
    07:23
  • 05. Implications of Power and Network Correlation Anomalies.mp4
    03:20
  • 00. Telemetry Data Is One Piece of the Larger Puzzle.mp4
    01:16
  • 01. Where Telemetry Anomalies Fit in a Chain of Compromise.mp4
    03:10
  • 02. The Place of Telemetry Data in Security Event Triage.mp4
    02:42
  • Description


    In this course on system anomaly detection, you will explore the use of CPU, RAM, GPU, fans, and power resource usage data to reveal various advanced attacker techniques and uncover events associated with hardware supply chain interdiction.

    What You'll Learn?


      Developing the skills necessary for a security analyst to properly detect and triage advanced attacker intrusion tactics and techniques requires experience and the use of advanced detection capabilities, neither of which is easily obtained. In this course, Security Event Triage: Detecting System Anomalies, you will learn the foundational knowledge required to baseline different machine performance data and triage deviations from that baseline that can indicate a stealthy adversary's presence in your environment when all other methods have failed. First, you will learn about CPU, RAM, and hard drive metric data and how it can be used to detect anything from botnets to the use of hard drives as microphones for side-channel espionage. Next, you will discover the techniques used for "in-browser" crypto-jacking or malware-delivered crypto mining activity by monitoring browser activity and GPU usage that stands out from the established baseline for normal applications. Finally, you will look at fan speeds and power usage to identify air-gapped network hopping techniques and hardware supply chain compromise. When you are finished with this course, you will have the skills and knowledge not only of how a multitude of advanced attacker techniques are performed, but also of what they look like in a realistic environment and how to identify them as part of your security analyst operations.

    About the instructor
    Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber security workforce and technologies for business and national enterprises alike. In support of the Air National Guard, he contributes those skills part time in various initiatives to defend the nation in cyberspace. Certifications: GIAC GCIA, GIAC GCED, CCNA Cyber Operations, Pentest+, CySa+, CASP www.AaronRosenmund.com @arosenmund "ironcat"
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 27
    • Duration: 1:47:42
    • Level: advanced
    • Release date: 2023/10/11