12. Investigating External Threats
An attacker may gain initial access to the target environment by exploiting one of the organization's published web applications or by using valid credentials, such as RDP, VPN, mailbox, or web service credentials. After successful exploitation, the threat actor has the opportunity to take control of the whole environment and achieve their objectives, such as disrupting digital operations, conducting espionage, or exfiltrating data. As a SOC analyst, you should be aware of this and take advantage of the logs provided by the Web Application Firewall (WAF), network firewalls, intrusion prevention systems (IPS), and custom applications to investigate such threats.
The objective of this chapter is to learn about some of the most common web attacks, such as code ...