Table of Contents

  1. Chapter 1 Incident Response Fundamentals

    1. The Incident Response Team

    2. Justify Your Existence

    3. Measure Up

    4. Who’s Got My Back?

    5. The Tool Maketh the Team

    6. Choose Your Own Adventure

    7. Buy or Build?

    8. Run the Playbook!

    9. Chapter Summary

  2. Chapter 2 What Are You Trying to Protect?

    1. The Four Core Questions

    2. There Used to Be a Doorway Here

    3. Host Attribution

    4. Identifying the Crown Jewels

    5. Make Your Own Sandwich

    6. More Crown Jewels

    7. Standard Standards

    8. Risk Tolerance

    9. Can I Get a Copy of Your Playbook?

    10. Chapter Summary

  3. Chapter 3 What Are the Threats?

    1. “The Criminal Is the Creative Artist; the Detective Only the Critic”

    2. Hanging Tough

    3. Cash Rules Everything Around Me

    4. Greed.isGood();

    5. I Don’t Want Your Wallet, I Want Your Phone

    6. There’s No Place Like 127.0.0.1

    7. Let’s Play Global Thermonuclear War

    8. Defense Against the Dark Arts

    9. Chapter Summary

  4. Chapter 4 A Data-Centric Approach to Security Monitoring

    1. Get a Handle on Your Data

    2. Metadata: Data About Data About Data

    3. Chapter Summary

  5. Chapter 5 Enter the Playbook

    1. Report Identification

    2. Chapter Summary

  6. Chapter 6 Operationalize!

    1. You Are Smarter Than a Computer

    2. Playbook Management System

    3. Event Query System

    4. Result Presentation System

    5. Incident Handling and Remediation Systems

    6. Case Tracking Systems

    7. Keep It Running

    8. Keep It Fresh

    9. Chapter Summary

  7. Chapter 7 Tools of the Trade

    1. Defense in Depth

    2. The Security Monitoring Toolkit

    3. Chapter Summary

  8. Chapter 8 Queries and Reports

    1. False Positives: Every Playbook’s Mortal Enemy

    2. There Ain’t No Such Thing as a Free Report

    3. An Inch Deep and a Mile Wide

    4. A Million Monkeys with a Million Typewriters

    5. A Chain Is Only as Strong as Its Weakest Link

    6. Detect the Chain Links, Not the Chain

    7. Getting Started Creating Queries

    8. Turning Samples of Malicious Activity into Queries for Reports

    9. Reports Are Patterns, Patterns Are Reports

    10. The Goldilocks-Fidelity

    11. Exploring Out of Sight of Land

    12. Chapter Summary

  9. Chapter 9 Advanced Querying

    1. Basic Versus Advanced

    2. The False Positive Paradox

    3. Good Indications

    4. Consensus as an Indicator (Set Operations and Outlier Finding)

    5. Set Operations for Finding Commonalities

    6. Finding Black Sheep

    7. Statistics: 60% of the Time, It Works Every Time

    8. Skimming the IDS Flotsam Off the Top

    9. Pulling Patterns Out of NetFlow

    10. Looking for Beaconing with Statistics

    11. Is Seven a Random Number?

    12. Correlation Through Contingent Data

    13. Who Is Keyser Söze?

    14. Guilty by Association

    15. Chapter Summary

  10. Chapter 10 I’ve Got Incidents Now! How Do I Respond?

    1. Shore Up the Defenses

    2. Lockdown

    3. No Route for You

    4. One Potato, Two Potato, Three Potato, Yours

    5. Lessons Learned

    6. Chapter Summary

  11. Chapter 11 How to Stay Relevant

    1. Oh, What a Tangled Web We Weave, When First We Practice to Deceive!

    2. The Rise of Encryption

    3. Encrypt Everything?

    4. TL;DR