Chapter 10. Server-side Compromise

This is the moment of truth. Now you are ready to see NSM in action. In this chapter, we’ll put the theory, tools, and process to work in a simple compromise scenario. So far, you’ve implemented a sensor using SO and collected some NSM data. Now you plan to analyze the available evidence.

This chapter demonstrates a server-side compromise—one of the major categories of malicious network activity you’re likely to encounter. The next chapter demonstrates a client-side compromise, which may be even more popular than the server-side variant. We begin with a server-side compromise because it is conceptually easier to ...
