Incident Response Techniques for Ransomware Attacks

(ebook) (audiobook) (audiobook)

Autor:: Oleg Skulkin

Incident Response Techniques for Ransomware Attacks Oleg Skulkin - okładka książki

Incident Response Techniques for Ransomware Attacks Oleg Skulkin - okładka audiobooka MP3

Incident Response Techniques for Ransomware Attacks Oleg Skulkin - okładka audiobooks CD

Wydawnictwo:: Packt Publishing (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 228
Dostępne formaty:: PDF

ePub

Ebook

149,00 zł

Dodaj do koszyka lub Kup na prezent Kup 1-kliknięciem

Przenieś na półkę

Do przechowalni

Ransomware attacks have become the strongest and most persistent threat for many companies around the globe. Building an effective incident response plan to prevent a ransomware attack is crucial and may help you avoid heavy losses. Incident Response Techniques for Ransomware Attacks is designed to help you do just that.

This book starts by discussing the history of ransomware, showing you how the threat landscape has changed over the years, while also covering the process of incident response in detail. You'll then learn how to collect and produce ransomware-related cyber threat intelligence and look at threat actor tactics, techniques, and procedures. Next, the book focuses on various forensic artifacts in order to reconstruct each stage of a human-operated ransomware attack life cycle. In the concluding chapters, you'll get to grips with various kill chains and discover a new one: the Unified Ransomware Kill Chain.

By the end of this ransomware book, you'll be equipped with the skills you need to build an incident response strategy for all ransomware attacks.

Wybrane bestsellery

Oleg Skulkin - pozostałe książki

Ebooka przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook, Onyx Boox i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolonych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video zobaczysz:

Oceny i opinie klientów: Incident Response Techniques for Ransomware Attacks Oleg Skulkin (0) Weryfikacja opinii następuję na podstawie historii zamówień na koncie Użytkownika umieszczającego opinię. Użytkownik mógł otrzymać punkty za opublikowanie opinii uprawniające do uzyskania rabatu w ramach Programu Punktowego.

Szczegóły książki

Tytuł oryginału:: Incident Response Techniques for Ransomware Attacks
ISBN Ebooka:: 978-18-032-3399-4, 9781803233994
Data wydania ebooka:: 2022-04-14 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@helion.pl.
Język publikacji:: angielski
Rozmiar pliku Pdf:: 12.1MB
Rozmiar pliku ePub:: 18.9MB

Kategorie:
Hacking » Bezpieczeństwo systemów

Spis treści książki

Incident Response Techniques for Ransomware Attacks
Contributors
About the author
About the reviewer
Preface
- Who this book is for
- What this book covers
- Download the color images
- Conventions used
- Get in touch
- Disclaimer
- Share Your Thoughts
Section 1: Getting Started with a Modern Ransomware Attack
Chapter 1: The History of Human-Operated Ransomware Attacks
- 2016 SamSam ransomware
  - Who was behind the SamSam ransomware
- 2017 BitPaymer ransomware
  - The mastermind behind the BitPaymer ransomware
- 2018 Ryuk ransomware
  - Who was behind the Ryuk ransomware?
- 2019-present ransomware-as-a-service
  - Who was behind ransomware-as-a-service programs?
- Summary
Chapter 2: The Life Cycle of a Human-Operated Ransomware Attack
- Initial attack vectors
  - RDP compromise
  - Spear phishing
  - Software vulnerabilities
- Post-exploitation
- Data exfiltration
- Ransomware deployment
- Summary
Chapter 3: The Incident Response Process
- Preparation for an incident
  - The team
  - The infrastructure
- Threat detection and analysis
- Containment, eradication, and recovery
- Post-incident activity
- Summary
Section 2: Know Your Adversary: How Ransomware Gangs Operate
Chapter 4: Cyber Threat Intelligence and Ransomware
- Strategic cyber threat intelligence
- Operational cyber threat intelligence
- Tactical cyber threat intelligence
- Summary
Chapter 5: Understanding Ransomware Affiliates Tactics, Techniques, and Procedures
- Gaining initial access
  - External remote services (T1133)
  - Exploiting public-facing applications (T1190)
  - Phishing (T1566)
  - Supply chain compromise (T1195)
- Executing malicious code
  - User execution (T1204)
  - Command and scripting interpreters (T1059)
  - Exploitation for client execution (T1203)
  - Windows Management Instrumentation (T1047)
- Obtaining persistent access
  - Valid accounts (T1078)
  - Create account (T1136)
  - Boot or logon autostart execution (T1547)
  - Scheduled task/job (T1053)
  - Server software component (T1505)
- Escalating privileges
  - Exploiting for privilege escalation (T1068)
  - Creating or modifying system process (T1543)
  - Process injection (T1055)
  - Abuse elevation control mechanism (T1548)
- Bypassing defenses
  - Exploiting for defense evasion (T1211)
  - Deobfuscating/decoding files or information (T1140)
  - File and directory permissions modification (T1222)
  - Impairing defenses (T1562)
  - Indicator removal on host (T1070)
  - Signed binary proxy execution (T1218)
- Accessing credentials
  - Brute force (T1110)
  - OS credential dumping (T1003)
  - Steal or forge Kerberos tickets (T1558)
- Moving laterally
  - Exploiting remote services (T1210)
  - Remote services (T1021)
  - Using alternate authentication material (T1550)
- Collecting and exfiltrating data
  - Data from local system (T1005)
  - Data from network shared drives (T1039)
  - Email collection (T1114)
  - Archive collected data (T1560)
  - Exfiltration over web service (T1567)
  - Automated exfiltration (T1020)
- Ransomware deployment
  - Inhibit system recovery (T1490)
  - Data encrypted for impact (T1490)
- Summary
Chapter 6: Collecting Ransomware-Related Cyber Threat Intelligence
- Threat research reports
- Community
- Threat actors
- Summary
Section 3: Practical Incident Response
Chapter 7: Digital Forensic Artifacts and Their Main Sources
- Volatile memory collection and analysis
- Non-volatile data collection
- Master file table
- Prefetch files
- LNK files
- Jump lists
- SRUM
- Web browsers
- Windows Registry
- Windows event logs
- Other log sources
- Summary
Chapter 8: Investigating Initial Access Techniques
- Collecting data sources for an external remote service abuse investigation
- Investigating an RDP brute-force attack
- Collecting data sources for a phishing attack investigation
- Investigating a phishing attack
- Summary
Chapter 9: Investigating Post-Exploitation Techniques
- Investigating credential access techniques
  - Credential dumping with hacking tools
  - Credential dumping with built-in tools
  - Kerberoasting
- Investigating reconnaissance techniques
  - Network scanning
  - Active Directory reconnaissance
- Investigating lateral movement techniques
  - Administrative shares
  - PsExec
  - RDP
- Summary
Chapter 10: Investigating Data Exfiltration Techniques
- Investigating web browser abuse for data exfiltration
- Investigating cloud service client application abuse for data exfiltration
- Investigating third-party cloud synchronization tool abuse for data exfiltration
- Investigating the use of custom data exfiltration tools
- Summary
Chapter 11: Investigating Ransomware Deployment Techniques
- Investigation of abusing RDP for ransomware deployment
- Crylock ransomware overview
- Investigation of Administrative shares for ransomware deployment
- REvil ransomware overview
- Investigation of Group Policy for ransomware deployment
- LockBit ransomware overview
- Summary
Chapter 12: The Unified Ransomware Kill Chain
- Cyber Kill Chain
  - Reconnaissance
  - Weaponization
  - Delivery
  - Exploitation
  - Installation
  - Command and Control (C2)
  - Actions on Objectives
- MITRE ATT&CK
  - Reconnaissance
  - Resource development
  - Initial access
  - Execution
  - Persistence
  - Privilege escalation
  - Defense evasion
  - Credential access
  - Discovery
  - Lateral movement
  - Collection
  - Command and control
  - Exfiltration
  - Impact
- The Unified Kill Chain
  - Initial Foothold
  - Network Propagation
  - Actions on Objectives
- The Unified Ransomware Kill Chain
  - Gain Access to the Network
  - Establish Foothold
  - Network Discovery
  - Key Assets Discovery
  - Network Propagation
  - Data Exfiltration
  - Deployment Preparation
  - Ransomware Deployment
  - Extortion
- Summary
- Why subscribe?
Other Books You May Enjoy
- Packt is searching for authors like you
- Share Your Thoughts

pokaż cały spis treści