
CyberSec First Responder: Threat Detection and Response (Exam CFR-210) CSFR

Video Description

The CyberSec First Responder: Threat Detection and Response course prepares candidates to protect their organization's IT infrastructure against cyber-attacks and to execute a properly planned response to such incidents. The tools and techniques taught in this course are independent of the size and scope of the organization, because the course is built around common threats, risks, and mitigation techniques that apply universally. Candidates are advised to have some knowledge of basic networking technologies such as TCP/IP, routing protocols, network security, and VPNs. In addition, candidates are expected to have at least two years of professional experience in network administration or a similar field.

Table of Contents

  1. Course Introduction
    1. Introduction 00:00:23
    2. Course Introduction 00:01:13
    3. Instructor Introduction 00:00:10
  2. Assessing Information Security Risk
    1. Chapter 01 Introduction 00:00:22
    2. Topic A: Identify the Importance of Risk Management 00:00:28
    3. Elements of Cybersecurity (Perimeter Model) 00:01:26
    4. Elements of Cybersecurity (Endpoint Model) 00:01:38
    5. The Risk Equation 00:00:55
    6. Risk Management 00:00:56
    7. The Importance of Risk Management 00:00:44
    8. ERM 00:00:42
    9. Reasons to Implement ERM 00:01:02
    10. Risk Exposure 00:00:25
    11. Risk Analysis Methods 00:01:22
    12. Risks Facing an Enterprise 00:01:11
    13. Topic B: Assess Risk 00:00:32
    14. ESA Frameworks 00:00:28
    15. ESA Framework Assessment Process Part1 00:00:43
    16. ESA Framework Assessment Process Part2 00:00:44
    17. New and Changing Business Models 00:00:40
    18. De-perimeterization 00:01:41
    19. New Products and Technologies 00:01:24
    20. Internal and External Influences 00:00:56
    21. System-Specific Risk Analysis 00:00:39
    22. Risk Determinations 00:02:58
    23. Documentation of Assessment Results 00:00:37
    24. Guidelines for Assessing Risk 00:02:02
    25. Topic C: Mitigate Risk 00:00:51
    26. Classes of Information 00:01:17
    27. Classification of Information Types into CIA Levels 00:01:51
    28. Security Control Categories 00:01:16
    29. Technical Controls (Template) 00:00:27
    30. Technical Controls (Example Answer) 00:00:36
    31. Aggregate CIA Score 00:03:08
    32. Common Vulnerability Scoring System 00:01:55
    33. Common Vulnerabilities and Exposures 00:00:30
    34. Demo - Common Vulnerability Scoring System 00:05:42
    35. Extreme Scenario Planning and Worst Case Scenarios 00:01:12
    36. Risk Response Techniques 00:01:11
    37. Additional Risk Management Strategies 00:01:41
    38. Continuous Monitoring and Improvement 00:00:27
    39. IT Governance 00:00:31
    40. Guidelines for Mitigating Risk 00:01:12
    41. Topic D: Integrate Documentation into Risk Management 00:00:30
    42. From Policy to Procedures 00:01:17
    43. Policy Development 00:00:15
    44. Process and Procedure Development 00:00:11
    45. Demo - Finding a Policy Template 00:05:20
    46. Topics to Include in Security Policies and Procedures 00:00:37
    47. Best Practices to Incorporate in Security Policies and Procedures Part1 00:01:35
    48. Best Practices to Incorporate in Security Policies and Procedures Part2 00:00:59
    49. Business Documents That Support Security Initiatives 00:01:50
    50. Guidelines for Integrating Documentation into Risk Management Part1 00:01:07
    51. Guidelines for Integrating Documentation into Risk Management Part2 00:00:46
    52. Chapter 01 Review 00:00:22
  3. Analyzing the Threat Landscape
    1. Chapter 02 Introduction 00:00:14
    2. Topic A: Classify Threats and Threat Profiles 00:00:31
    3. Threat Actors Part1 00:01:12
    4. Threat Actors Part2 00:00:45
    5. Threat Motives 00:00:39
    6. Threat Intentions 00:00:40
    7. Attack Vectors 00:00:42
    8. Attack Technique Criteria 00:01:21
    9. Qualitative Threat and Impact Analysis 00:00:54
    10. Guidelines for Classifying Threats and Threat Profiles 00:00:39
    11. Topic B: Perform Ongoing Threat Research 00:00:30
    12. Ongoing Research 00:00:48
    13. Situational Awareness 00:00:31
    14. Commonly Targeted Assets 00:01:57
    15. The Latest Vulnerabilities 00:01:22
    16. The Latest Threats and Exploits 00:01:28
    17. The Latest Security Technologies 00:01:08
    18. Resources Aiding in Research Part1 00:00:52
    19. Resources Aiding in Research Part2 00:00:22
    20. Demo - Resources that Aid in Research of Threats 00:03:02
    21. The Global Cybersecurity Industry and Community 00:00:43
    22. Trend Data 00:00:16
    23. Trend Data and Qualifying Threats 00:01:02
    24. Guidelines for Performing Ongoing Threat Research 00:01:26
    25. Chapter 02 Review 00:00:29
  4. Analyzing Reconnaissance Threats to Computing and Network Environments
    1. Chapter 03 Introduction 00:00:21
    2. Topic A: Implement Threat Modeling 00:00:25
    3. The Diverse Nature of Threats 00:00:37
    4. The Anatomy of a Cyber Attack 00:02:13
    5. Threat Modeling 00:00:37
    6. Reasons to Implement Threat Modeling 00:00:33
    7. Threat Modeling Process 00:01:15
    8. Attack Tree 00:01:36
    9. Threat Modeling Tools 00:00:25
    10. Threat Categories 00:01:27
    11. Topic B: Assess the Impact of Reconnaissance Incidents 00:00:37
    12. Footprinting, Scanning, and Enumeration 00:01:15
    13. Footprinting Methods 00:01:36
    14. Network and System Scanning Methods 00:00:41
    15. Enumeration Methods 00:01:05
    16. Evasion Techniques for Reconnaissance 00:02:07
    17. Reconnaissance Tools 00:02:39
    18. Packet Trace Analysis with Wireshark 00:00:31
    19. Demo - Performing Reconnaissance on a Network 00:07:23
    20. Demo - Examining Reconnaissance Incidents 00:08:11
    21. Topic C: Assess the Impact of Social Engineering 00:00:25
    22. Social Engineering 00:02:10
    23. Types of Social Engineering Part1 00:01:53
    24. Types of Social Engineering Part2 00:01:44
    25. Types of Social Engineering Part3 00:01:09
    26. Phishing and Delivery Media 00:00:48
    27. Phishing and Common Components 00:01:15
    28. Social Engineering for Reconnaissance 00:00:50
    29. Demo - Assessing the Impact of Social Engineering 00:07:37
    30. Demo - Assessing the Impact of Phishing 00:03:23
    31. Chapter 03 Review 00:00:26
  5. Analyzing Attacks on Computing and Network Environments
    1. Chapter 04 Introduction 00:00:22
    2. Topic A: Assess the Impact of System Hacking Attacks 00:00:19
    3. System Hacking Part1 00:00:29
    4. System Hacking Part2 00:00:29
    5. System Hacking Part3 00:00:33
    6. System Hacking Part4 00:00:30
    7. System Hacking Part5 00:00:27
    8. System Hacking Part6 00:00:24
    9. Password Sniffing 00:00:58
    10. Password Cracking 00:03:58
    11. Demo - Cracking Passwords Using a Password File 00:08:31
    12. Privilege Escalation 00:00:58
    13. Social Engineering for Systems Hacking 00:00:26
    14. System Hacking Tools and Exploitation Frameworks 00:01:06
    15. Topic B: Assess the Impact of Web-Based Attacks 00:00:26
    16. Client-Side vs. Server-Side Attacks 00:01:10
    17. XSS 00:00:57
    18. XSRF 00:00:59
    19. SQL Injection 00:01:47
    20. Directory Traversal 00:01:59
    21. File Inclusion 00:01:25
    22. Additional Web Application Vulnerabilities and Exploits 00:01:17
    23. Web Services Exploits 00:01:10
    24. Web-Based Attack Tools 00:00:21
    25. Demo - Assessing the Impact of Web-Based Threats 00:03:24
    26. Topic C: Assess the Impact of Malware 00:00:22
    27. Malware Categories 00:04:55
    28. Trojan Horse 00:00:47
    29. Polymorphic Virus 00:00:15
    30. Spyware 00:01:10
    31. Supply Chain Attack 00:00:41
    32. Malware Tools 00:00:17
    33. Demo - Malware Detection and Removal 00:05:35
    34. Topic D: Assess the Impact of Hijacking and Impersonation Attacks 00:00:28
    35. Spoofing, Impersonation, and Hijacking 00:00:42
    36. ARP Spoofing 00:05:12
    37. DNS Poisoning 00:01:36
    38. ICMP Redirect 00:00:58
    39. DHCP Spoofing 00:02:33
    40. NBNS Spoofing 00:01:17
    41. Session Hijacking 00:00:45
    42. Hijacking and Spoofing Tools 00:00:24
    43. Topic E: Assess the Impact of DoS Incidents 00:00:24
    44. DoS Attacks 00:01:58
    45. DoS Attack Techniques 00:04:37
    46. DDoS 00:00:53
    47. DoS Evasion Techniques 00:01:31
    48. DoS Tools 00:00:27
    49. Demo - Assessing the Impact of DoS Attacks 00:04:07
    50. Topic F: Assess the Impact of Threats to Mobile Security 00:00:27
    51. Trends in Mobile Security 00:02:38
    52. Wireless Threats 00:01:51
    53. BYOD Threats 00:01:33
    54. Mobile Platform Threats 00:02:11
    55. Mobile Infrastructure Hacking Tools 00:00:18
    56. Topic G: Assess the Impact of Threats to Cloud Security 00:00:19
    57. Cloud Infrastructure Challenges 00:01:56
    58. Threats to Virtualized Environments 00:03:37
    59. Threats to Big Data 00:01:34
    60. Example of a Cloud Infrastructure Attack 00:01:22
    61. Cloud Platform Security 00:01:10
    62. Chapter 04 Review 00:00:21
  6. Analyzing Post-Attack Techniques
    1. Chapter 05 Introduction 00:00:38
    2. Topic A: Assess Command and Control Techniques 00:00:24
    3. Command and Control 00:01:01
    4. IRC 00:00:34
    5. HTTP/S 00:00:56
    6. DNS 00:02:02
    7. ICMP 00:01:48
    8. Additional Channels 00:01:31
    9. Demo - Assessing Command and Control Techniques 00:10:37
    10. Topic B: Assess Persistence Techniques 00:00:21
    11. Advanced Persistent Threat 00:00:53
    12. Rootkits 00:00:51
    13. Backdoors 00:00:37
    14. Logic Bomb 00:00:24
    15. Demo - Detecting Rootkits 00:03:45
    16. Rogue Accounts 00:02:04
    17. Topic C: Assess Lateral Movement and Pivoting Techniques 00:00:25
    18. Lateral Movement 00:01:42
    19. Pass the Hash 00:01:40
    20. Golden Ticket 00:02:26
    21. Remote Access Services 00:00:59
    22. WMIC 00:01:41
    23. PsExec 00:01:05
    24. Port Forwarding 00:01:12
    25. VPN Pivoting 00:00:57
    26. SSH Pivoting 00:00:42
    27. Routing Tables and Pivoting 00:00:26
    28. Topic D: Assess Data Exfiltration Techniques 00:00:18
    29. Data Exfiltration 00:00:44
    30. Covert Channels 00:01:34
    31. Steganography 00:01:03
    32. Demo - Steganography 00:03:52
    33. File Sharing Services 00:00:25
    34. Topic E: Assess Anti-Forensics Techniques 00:00:37
    35. Anti-Forensics 00:00:47
    36. Golden Ticket and Anti-Forensics 00:00:44
    37. Demo - Assessing Anti-Forensics 00:03:45
    38. Buffer Overflows 00:00:43
    39. Memory Residents 00:00:35
    40. Program Packers 00:01:01
    41. VM and Sandbox Detection 00:00:41
    42. ADS 00:02:22
    43. Covering Tracks 00:01:24
    44. Chapter 05 Review 00:00:43
  7. Evaluating the Organization’s Security Posture
    1. Chapter 06 Introduction 00:00:21
    2. Topic A: Conduct Vulnerability Assessments 00:00:32
    3. Vulnerability Assessment 00:01:14
    4. Penetration Testing 00:00:54
    5. Vulnerability Assessment vs. Penetration Testing 00:02:51
    6. Vulnerability Assessment Implementation 00:02:24
    7. Vulnerability Assessment Tools 00:01:43
    8. Specific Assessment Tools 00:01:10
    9. Port Scanning and Fingerprinting 00:02:05
    10. Sources of Vulnerability Information 00:01:29
    11. Operating System and Software Patching 00:01:02
    12. Systemic Security Issues 00:00:46
    13. Demo - Perform a Vulnerability Scan with Nessus 00:07:36
    14. Demo - Perform a Vulnerability Scan with MBSA 00:05:17
    15. Topic B: Conduct Penetration Tests on Network Assets 00:00:35
    16. ROE 00:02:29
    17. Pen Test Phases 00:01:20
    18. Pen Test Scope 00:00:54
    19. External vs. Internal Pen Testing 00:02:06
    20. Pen Testing Techniques 00:01:34
    21. Pen Testing Tools of the Trade 00:00:45
    22. Kali Linux 00:00:21
    23. Data Mining 00:00:40
    24. Attack Surface Scanning and Mapping 00:00:37
    25. Packet Manipulation for Enumeration 00:00:50
    26. Simulated Attacks 00:00:29
    27. Password Attacks 00:01:54
    28. Penetration Test Considerations 00:04:07
    29. Topic C: Follow Up on Penetration Testing 00:00:19
    30. Effective Reporting and Documentation 00:01:51
    31. Target Audiences 00:00:43
    32. Information Collection Methods 00:00:48
    33. Penetration Test Follow-Up 00:00:52
    34. Report Classification and Distribution 00:01:09
    35. Chapter 06 Review 00:00:25
  8. Collecting Cybersecurity Intelligence
    1. Chapter 07 Introduction 00:00:16
    2. Topic A: Deploy a Security Intelligence Collection and Analysis Platform 00:00:57
    3. Security Intelligence 00:01:05
    4. The Challenge of Security Intelligence Collection 00:00:34
    5. Security Intelligence Collection Lifecycle 00:00:52
    6. Security Intelligence Collection Plan 00:00:23
    7. CSM 00:00:56
    8. What to Monitor 00:01:12
    9. Security Monitoring Tools 00:00:41
    10. Data Collection 00:00:40
    11. Potential Sources of Security Intelligence 00:02:13
    12. Guidelines for Determining Which Data to Collect for Security Intelligence 00:01:01
    13. Guidelines for Determining Which Fields You Should Log 00:01:03
    14. Guidelines for Configuring Logging Systems Based on Their Impact 00:02:26
    15. Guidelines for Determining Which Events Should Prompt an Alert 00:01:16
    16. Information Processing 00:00:42
    17. External Data Sources 00:00:39
    18. Publicly Available Information 00:00:19
    19. Collection and Reporting Automation 00:00:56
    20. Data Retention 00:00:53
    21. Topic B: Collect Data from Network-Based Intelligence Sources 00:00:34
    22. Network Device Configuration Files 00:00:58
    23. Network Device State Data 00:02:25
    24. Switch and Router Logs 00:01:00
    25. Wireless Device Logs 00:01:07
    26. Firewall Logs 00:02:27
    27. WAF Logs 00:00:47
    28. IDS/IPS Logs 00:01:27
    29. Proxy Logs 00:01:52
    30. Carrier Provider Logs 00:00:36
    31. Software-Defined Networking 00:00:39
    32. Network Traffic and Flow Data 00:01:12
    33. Log Tuning 00:00:35
    34. Demo - Collecting Network-Based Security Intelligence 00:07:32
    35. Topic C: Collect Data from Host-Based Intelligence Sources 00:00:23
    36. Operating System Log Data 00:00:56
    37. Windows Event Logs 00:03:01
    38. Syslog Data 00:01:01
    39. Application Logs 00:01:21
    40. DNS Event Logs 00:00:54
    41. SMTP Logs 00:01:04
    42. HTTP Logs 00:00:45
    43. FTP Logs 00:00:36
    44. SSH Logs 00:01:24
    45. SQL Logs 00:01:03
    46. Demo - Collecting Host-Based Security Intelligence 00:15:51
    47. Demo - Parsing Log Files 00:03:54
    48. Chapter 07 Review 00:00:37
  9. Analyzing Log Data
    1. Chapter 08 Introduction 00:00:36
    2. Topic A: Use Common Tools to Analyze Logs 00:00:37
    3. Preparation for Analysis 00:00:32
    4. Guidelines for Preparing Data for Analysis 00:00:27
    5. Log Analysis Tools 00:00:26
    6. The grep Command 00:00:58
    7. The cut Command 00:01:26
    8. The diff Command 00:02:13
    9. The find Command 00:01:21
    10. WMIC for Log Analysis 00:01:31
    11. Event Viewer 00:03:28
    12. Bash 00:02:38
    13. Windows PowerShell 00:02:51
    14. Additional Log Analysis Tools 00:00:57
    15. Guidelines for Using Windows- and Linux-Based Tools for Log Analysis 00:02:49
    16. Demo - Analyzing Linux Logs for Security Intelligence 00:08:21
    17. Topic B: Use SIEM Tools for Analysis 00:00:24
    18. Security Intelligence Correlation 00:01:42
    19. SIEM 00:01:39
    20. The Realities of SIEM 00:00:49
    21. SIEM and the Intelligence Lifecycle 00:01:09
    22. Guidelines for Using SIEMs for Security Intelligence Analysis 00:01:58
    23. Demo - Incorporating SIEMs into Security Intelligence Analysis 00:18:02
    24. Topic C: Parse Log Files with Regular Expressions 00:00:45
    25. Regular Expressions 00:01:16
    26. Quantification Operators 00:02:38
    27. Anchor Operators 00:00:53
    28. Character Set Operators 00:01:54
    29. Miscellaneous Search Operators 00:02:24
    30. Special Operators 00:02:51
    31. Build an Expression 00:02:28
    32. Keyword Searches 00:04:30
    33. Special Character Searches 00:02:10
    34. IP Address Searches 00:02:37
    35. Guidelines for Writing Regular Expressions 00:00:51
    36. Chapter 08 Review 00:00:26
  10. Performing Active Asset and Network Analysis
    1. Chapter 09 Introduction 00:00:26
    2. Topic A: Analyze Incidents with Windows-Based Tools 00:00:26
    3. Registry Editor (regedit) 00:00:59
    4. Analysis with Registry Editor 00:01:14
    5. File System Analysis Tools for Windows 00:01:39
    6. Process Explorer 00:01:07
    7. Process Monitor 00:00:30
    8. Service Analysis Tools for Windows 00:01:30
    9. Volatile Memory Analysis Tools for Windows 00:01:00
    10. Active Directory Analysis Tools 00:01:56
    11. Network Analysis Tools for Windows Part1 00:02:38
    12. Network Analysis Tools for Windows Part2 00:04:09
    13. Demo - Windows-Based Incident Analysis Tools 00:19:47
    14. Topic B: Analyze Incidents with Linux-Based Tools 00:00:15
    15. File System Analysis Tools for Linux 00:00:48
    16. Process Analysis Tools for Linux 00:00:26
    17. Volatile Memory Analysis Tools for Linux 00:00:48
    18. Session Analysis Tools for Linux 00:01:01
    19. Network Analysis Tools for Linux Part1 00:00:54
    20. Network Analysis Tools for Linux Part2 00:01:19
    21. Demo - Linux-Based Incident Analysis Tools 00:07:01
    22. Topic C: Analyze Malware 00:00:42
    23. Malware Sandboxing 00:01:18
    24. Crowd-Sourced Signature Detection 00:00:57
    25. VirusTotal Malware Entry 00:00:39
    26. Reverse Engineering 00:00:58
    27. Disassemblers 00:01:12
    28. Disassembly of Malware in IDA 00:00:25
    29. Malware Strings 00:00:59
    30. Anti-Malware Solutions 00:02:12
    31. MAEC 00:00:40
    32. Guidelines for Analyzing Malware 00:01:26
    33. Demo - Analyzing Malware 00:03:18
    34. Topic D: Analyze Indicators of Compromise 00:00:34
    35. IOCs 00:00:49
    36. Unauthorized Software and Files 00:03:19
    37. Suspicious Emails 00:02:07
    38. Suspicious Registry Entries 00:01:09
    39. Unknown Port and Protocol Usage 00:02:51
    40. Excessive Bandwidth Usage 00:02:31
    41. Service Disruption and Defacement 00:01:46
    42. Rogue Hardware 00:02:29
    43. Suspicious or Unauthorized Account Usage 00:01:16
    44. Guidelines for Analyzing Indicators of Compromise 00:01:36
    45. Demo - Analyzing Indicators of Compromise 00:15:03
    46. Chapter 09 Review 00:00:29
  11. Responding to Cybersecurity Incidents
    1. Chapter 10 Introduction 00:00:17
    2. Topic A: Deploy an Incident Handling and Response Architecture 00:00:42
    3. Incident Handling and Response Planning 00:00:37
    4. Site Book 00:01:25
    5. Incident Response Process 00:02:18
    6. SOCs 00:01:10
    7. CSIRT Organization 00:00:35
    8. CSIRT Roles 00:01:54
    9. A Day in the Life of a CSIRT 00:01:40
    10. CSIRT Communication Process 00:02:01
    11. Incident Indicator Sources 00:01:04
    12. The Impact and Scope of Incidents 00:01:51
    13. Incident Evaluation and Analysis 00:01:00
    14. Incident Containment 00:01:48
    15. Incident Mitigation and Eradication 00:00:46
    16. Incident Recovery 00:01:02
    17. Lessons Learned 00:01:09
    18. Incident Handling Tools 00:01:28
    19. Topic B: Mitigate Incidents 00:00:24
    20. System Hardening 00:01:36
    21. Demo - Hardening Windows Servers 00:14:23
    22. System and Application Isolation 00:00:29
    23. Blacklisting 00:02:17
    24. Whitelisting 00:00:53
    25. DNS Filtering 00:01:38
    26. Demo - DNS Filtering 00:05:07
    27. Demo - Blacklisting and Whitelisting 00:09:54
    28. Black Hole Routing 00:01:22
    29. Mobile Device Management 00:03:09
    30. Devices Used in Mitigation 00:02:47
    31. The Importance of Updating Device Signatures 00:01:19
    32. Guidelines for Mitigating Incidents 00:00:48
    33. Topic C: Prepare for Forensic Investigation as a CSIRT 00:00:17
    34. The Duties of a Forensic Analyst 00:01:34
    35. Communication of CSIRT Outcomes to Forensic Analysts 00:00:47
    36. Guidelines for Conducting Post-Incident Tasks 00:00:56
    37. Chapter 10 Review 00:00:16
  12. Investigating Cybersecurity Incidents
    1. Chapter 11 Introduction 00:00:19
    2. Topic A: Apply a Forensic Investigation Plan 00:00:33
    3. A Day in the Life of a Forensic Analyst 00:00:20
    4. Forensic Investigation Models 00:00:59
    5. Forensic Investigation Preparation 00:00:51
    6. Investigation Scope 00:00:48
    7. Timeline Generation and Analysis 00:01:45
    8. Authentication of Evidence 00:00:37
    9. Chain of Custody 00:00:54
    10. Communication and Interaction with Third Parties 00:00:47
    11. Forensic Toolkits 00:01:40
    12. Guidelines for Preparing for a Forensic Investigation 00:00:27
    13. Topic B: Securely Collect and Analyze Electronic Evidence 00:00:25
    14. Order of Volatility 00:01:57
    15. File Systems 00:01:31
    16. File Carving and Data Extraction 00:01:07
    17. Persistent Data 00:01:27
    18. Data Preservation for Forensics 00:00:47
    19. Forensic Analysis of Compromised Systems 00:01:19
    20. Demo - Securely Collecting Electronic Evidence 00:05:34
    21. Demo - Analyzing Forensic Evidence 00:07:55
    22. Topic C: Follow Up on the Results of an Investigation 00:00:16
    23. Cyber Law 00:00:24
    24. Technical Experts and Law Enforcement Liaisons 00:00:46
    25. Documentation of Investigation Results 00:00:23
    26. Chapter 11 Review 00:00:17
    27. Next Steps 00:00:32
    28. Course Closure 00:01:16