
Author Topic: FOR572 Advanced Network Forensics Threat Hunting, Analysis, and Incident Response (Read 22 times)

mitsumi


Philip Hagen | Duration: 36h 00m | Video: H264 1280x720 | Audio: AAC 32 kHz mono | 6,60 GB | Language: English

Whether you handle an intrusion incident, data theft case, employee misuse scenario, or are engaged in proactive adversary discovery, the network often provides an unparalleled view of the incident. SANS FOR572 covers the tools, technology, and processes required to integrate network evidence sources into your investigations to provide better findings, and to get the job done faster.
Take your system-based forensic knowledge onto the wire. Incorporate network evidence into your investigations, provide better findings, and get the job done faster.
It is exceedingly rare to work any forensic investigation that doesn't have a network component. Endpoint forensics will always be a critical and foundational skill for this career but overlooking their network communications is akin to ignoring security camera footage of a crime as it was committed. Whether you handle an intrusion incident, data theft case, employee misuse scenario, or are engaged in proactive adversary discovery, the network often provides an unparalleled view of the incident. Its evidence can provide the proof necessary to show intent, uncover attackers that have been active for months or longer, or may even prove useful in definitively proving a crime actually occurred.
FOR572: ADVANCED NETWORK FORENSICS: THREAT HUNTING, ANALYSIS AND INCIDENT RESPONSE was designed to cover the most critical skills needed for the increased focus on network communications and artifacts in today's investigative work, including numerous use cases. Many investigative teams are incorporating proactive threat hunting into their skills, in which existing evidence is used with newly-acquired threat intelligence to uncover evidence of previously-unidentified incidents. Others focus on post-incident investigations and reporting. Still others engage with an adversary in real time, seeking to contain and eradicate the attacker from the victim's environment. In these situations and more, the artifacts left behind from attackers' communications can provide an invaluable view into their intent, capabilities, successes, and failures.
In FOR572, we focus on the knowledge necessary to examine and characterize communications that have occurred in the past or continue to occur. Even if the most skilled remote attacker compromised a system with an undetectable exploit, the system still has to communicate over the network. Without command-and-control and data extraction channels, the value of a compromised computer system drops to almost zero. Put another way: Bad guys are talking - we'll teach you to listen.
This course covers the tools, technology, and processes required to integrate network evidence sources into your investigations, with a focus on efficiency and effectiveness. You will leave this week with a well-stocked toolbox and the knowledge to use it on your first day back on the job. We will cover the full spectrum of network evidence, including high-level NetFlow analysis, low-level pcap-based dissection, ancillary network log examination, and more. We cover how to leverage existing infrastructure devices that may contain months or years of valuable evidence as well as how to place new collection platforms while an incident is underway.
You Will Be Able To:
• Extract files from network packet captures and proxy cache files, allowing follow-on malware analysis or definitive data loss determinations
• Use historical NetFlow data to identify relevant past network occurrences, allowing accurate incident scoping
• Reverse engineer custom network protocols to identify an attacker's command-and-control abilities and actions
• Decrypt captured SSL/TLS traffic to identify attackers' actions and what data they extracted from the victim
• Use data from typical network protocols to increase the fidelity of the investigation's findings
• Identify opportunities to collect additional evidence based on the existing systems and platforms within a network architecture
• Examine traffic using common network protocols to identify patterns of activity or specific actions that warrant further investigation
• Incorporate log data into a comprehensive analytic process, filling knowledge gaps that may be far in the past
• Learn how attackers leverage meddler-in-the-middle tools to intercept seemingly secure communications
• Examine proprietary network protocols to determine what actions occurred on the endpoint systems
• Analyze wireless network traffic to find evidence of malicious activity
• Learn how to modify configuration on typical network devices such as firewalls and intrusion detection systems to increase the intelligence value of their logs and alerts during an investigation
• Apply the knowledge you acquire during the week in a full-day capstone lab, modeled after real-world nation-state intrusions and threat actors
Homepage:
Code: [Select]
https://www.sans.org/cyber-security-courses/advanced-network-forensics-threat-hunting-incident-response/

Download link

rapidgator.net:
Quote
https://rapidgator.net/file/e2be1e3159706e4ddd7f8603175a524d/clvrf.FOR572.Advanced.Network.Forensics.Threat.Hunting.Analysis.and.Incident.Response.part1.rar.html
https://rapidgator.net/file/1d344e567ec6468075e24c568543a44b/clvrf.FOR572.Advanced.Network.Forensics.Threat.Hunting.Analysis.and.Incident.Response.part2.rar.html
https://rapidgator.net/file/c200cf2de9a1e2f760eec92ff8b07014/clvrf.FOR572.Advanced.Network.Forensics.Threat.Hunting.Analysis.and.Incident.Response.part3.rar.html
https://rapidgator.net/file/2c60d479c4f371567b611b3d10136e85/clvrf.FOR572.Advanced.Network.Forensics.Threat.Hunting.Analysis.and.Incident.Response.part4.rar.html

nitroflare.com:
Quote
https://nitroflare.com/view/CAE433574B650C7/clvrf.FOR572.Advanced.Network.Forensics.Threat.Hunting.Analysis.and.Incident.Response.part1.rar
https://nitroflare.com/view/CBC05512063928D/clvrf.FOR572.Advanced.Network.Forensics.Threat.Hunting.Analysis.and.Incident.Response.part2.rar
https://nitroflare.com/view/0B1949096B0943E/clvrf.FOR572.Advanced.Network.Forensics.Threat.Hunting.Analysis.and.Incident.Response.part3.rar
https://nitroflare.com/view/937BF52B2131E99/clvrf.FOR572.Advanced.Network.Forensics.Threat.Hunting.Analysis.and.Incident.Response.part4.rar