YoVDO

Practical Incident Response in Heterogeneous Environment

Offered By: YouTube

Tags

Security BSides Courses Malware Analysis Courses Incident Response Courses

Course Description

Overview

Explore practical incident response techniques for heterogeneous environments in this BSides Detroit 2018 conference talk. Delve into the challenges of mass-triage in modern cybersecurity and learn about innovative tools like RIFT (Retrieve Interesting Files Tool) and FRAC (Forensic Response Acquisition). Discover the process of building Advanced Indicators of Compromise (AIOCs) through malware analysis, using Trojan.Bisonal as an example. Gain insights into YARA rules and their application in creating AIOCs. Examine the capabilities of ClamAV for malware detection, including custom rule creation, remote scanning, and forensic applications. Understand how to generate ClamAV signatures using IDA with CASC and explore the future direction of incident response methodologies.

Syllabus

Intro
The mass-triage problem in 2018
Traditional IOC application
RIFT (Retrieve Interesting Files Tool)
FRAC (Forensic Response Acquisition): The Output
Malware analysis process to build AIOCs
Example: PoisonIvy
AIOCs formalization process
Trojan.Bisonal resulting AIOC description
Trojan.Bisonal traffic
Bisonal Behavior
YARA RULES toward AIOCs
ClamAV: Intro
YARA Rules, AIOCs and ClamAV
Using ClamAV to Scan for Badness
Using ClamAV: Results Custom Rules - ClamAV
Using ClamAV: Results Custom Rules - Yara
Sigtool: ClamAV command line
Sigtool: Command explained
Generating ClamAV Signatures with IDA with CASC
Remote ClamAV scan with PsExec
Remote ClamAV scan with FRAC
ClamAV Bisonal - logic signature
ClamAV and Forensics
Where are we heading
Related Courses

Information Security Management in a Nutshell
SAP Learning
Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery
(ISC)² via Coursera
Enterprise Security Fundamentals
Microsoft via edX
Planning a Security Incident Response
Microsoft via edX
Introduction to Cybersecurity
Udacity