איש צוות תגובה שלב 1

Introduction

MITRE ATT&CK

Cyber Kill Chain

TACTICS, TECHNIQUES & PROCEDURES

Incedint responde methodolgy

Proactive Hunt

Live Analysis

Ioc’s Vs Ioa’s

Know your process

Virtualization and Windows 10 Lab Setup

• Host & Network Based incidents
• Threats types
• Threat triage
• Operation system visabilty
• PS Transcription And User Sid

• The Sysinternals suite
• Process explorer Deep Dive
• Persistnce with Autoruns
• Autoruns CommandLine
• Exercise Scenario – Red Line Malware
• Unsigned binary detection
• Operation detection procmon
• Procmon Beautifier
• Njrat exercise – Detection and Response
• Network activity views
• Detect Source Zone Identifier
• System Resource Utilization Monitor
• RDP Cacheing
• ActivitiesCache

• Windows Event logs
• Event Logon types
• Event id’s
• Event log Capabilities Demo
• Investigation Scenario Exercise
• Evtx Over TimeLine explorer
• Sysmon
• Events Hunting

• Registry Structure
• Registry File Acquisition
• Registry Explorer
• Registry Points Of Interst
• RegistryASEPS
• UserAssist
• ShellBags
• Setupapi

• Working With Wireshark
• Wireshark Filters and Adaptations
• Wireshark Statistics
• DNS Analysis
• DHCP Analysis
• HTTP Analysis
• Attack Scenarios Exercies
• SMB & MS-RPC Analysis
• Attack Scenario Exam

• Jump Lists
• ShimCache
• AmCache