Security Event Triage: Analyzing Live System Process and Files
Traditional forensic analysis on endpoints is outpaced by modern attack techniques. This course will teach you how to efficiently identify and investigate malicious activity by performing live system analysis on processes and files.
Covert attack techniques coupled with the use of legitimate processes and utilities require more advanced detection and analysis techniques. In this course, Security Event Triage: Analyzing Live System Process and Files, you’ll learn how to leverage endpoint detection tools and techniques to detect attacks that bypass traditional signature and rule-based capabilities. First, you’ll explore how malware establishes persistence on disk or via the registry. Next, you’ll discover how to detect malware that injects itself into legitimate processes. Finally, you’ll learn how to correlate running processes with network connections to identify malicious processes but also C2 communication channels. When you’re finished with this course, you’ll have the skills and knowledge of live system analysis needed for Continuous monitoring and detection.
Author Name: Cristian Pascariu
Author Description:
Cristian took part in auditing and implementation of infosec capabilities to uplift security posture. He managed codification efforts to extract indicators of compromise and created rules in the scope of defending against new emerging threats. He has also developed tools and scripts to overcome security gaps within the corporate network. Cristian has mentored L1 and L2 analysts to increase triage efficiency and combat new threats. He has experience in the field of Application Security and has pr… more
Table of Contents
- Course Overview
1min - Defining Live System Analysis
16mins - Analyzing Host-based Indicators
32mins - Analyzing Live Processes and Services
20mins - Leveraging Memory Analysis
18mins - Correlating Security Events
4mins
There are no reviews yet.