SANS FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response (PDF-VID-LAB)

2,100.00

Whether you handle an intrusion incident, data theft case, employee misuse scenario, or are engaged in proactive adversary discovery, the network often provides an unparalleled view of the incident. SANS FOR572 covers the tools, technology, and processes required to integrate network evidence sources into your investigations to provide better findings, and to get the job done faster.

 

HOMEPAGE – https://www.anonymz.com/…advanced-network-forensics-threat-hunting-incident-response/

 

Original Price: $7,270
Our Price: $25

 

Description

Size: 129 GB

You Will Be Able To

  • Extract files from network packet captures and proxy cache files, allowing follow-on malware analysis or definitive data loss determinations
  • Use historical NetFlow data to identify relevant past network occurrences, allowing accurate incident scoping
  • Reverse engineer custom network protocols to identify an attacker’s command-and-control abilities and actions
  • Decrypt captured SSL/TLS traffic to identify attackers’ actions and what data they extracted from the victim
  • Use data from typical network protocols to increase the fidelity of the investigation’s findings
  • Identify opportunities to collect additional evidence based on the existing systems and platforms within a network architecture
  • Examine traffic using common network protocols to identify patterns of activity or specific actions that warrant further investigation
  • Incorporate log data into a comprehensive analytic process, filling knowledge gaps that may be far in the past
  • Learn how attackers leverage meddler-in-the-middle tools to intercept seemingly secure communications
  • Examine proprietary network protocols to determine what actions occurred on the endpoint systems
  • Analyze wireless network traffic to find evidence of malicious activity
  • Learn how to modify configuration on typical network devices such as firewalls and intrusion detection systems to increase the intelligence value of their logs and alerts during an investigation
  • Apply the knowledge you acquire during the week in a full-day capstone lab, modeled after real-world nation-state intrusions and threat actors