Security Event Triage: Detecting System Anomalies
Course info
Description
Developing the skills a security analyst needs to properly detect and triage advanced attacker intrusion tactics and techniques requires experience and advanced detection capabilities, neither of which is easily obtained. In this course, Security Event Triage: Detecting System Anomalies, you will learn the foundational knowledge required to baseline different machine performance data and triage deviations from that baseline that can indicate a stealthy adversary’s presence in your environment when all other methods have failed. First, you will learn about CPU, RAM, and hard drive metric data and how it can be used to detect anything from botnets to the use of hard drives as microphones for side-channel espionage. Next, you will discover the techniques used for “in-browser” cryptojacking or malware-delivered cryptomining activity by monitoring browser activity and GPU usage that stands out from the established baseline for normal applications. Finally, you will look at fan speeds and power usage to identify air-gapped network hopping techniques and hardware supply chain compromise. When you are finished with this course, you will know not only how a multitude of advanced attacker techniques are performed, but also what they look like in a realistic environment and how to identify them as part of your security analyst operations.
Section Introduction Transcripts
Course Overview
(Music) Hi everyone. My name's Aaron Rosenmund, and welcome to my course, Detecting System Anomalies in the Security Event Triage series. I am a full-time author with Pluralsight where I focus on research and course creation for incident response and security operations. In the ever-advancing field of security operations, you have the near-impossible job of understanding not just the concepts of cybersecurity, but the ins and outs of network engineering, systems administration, adversary tactics, and everything else that falls under the heading of cyber, so that you can detect and analyze events on the network and systems you monitor. The Security Event Triage series is designed to quickly expose you to the full spectrum of multi-vector attacks from different threat actors over a multitude of applications, operating systems, and services, to get you the experience that you need separating good from bad to level up quickly. In this course, we're going to demonstrate and create behavioral detection methods for botnet activity, cryptojacking and cryptomining malware, use of side-channel information for good and evil, as well as software and hardware supply chain interdiction. By the end of this course, you will not only have a better understanding of what these advanced attack techniques look like in the wild, but also how to apply behavioral detection techniques that integrate into your existing daily workflow for alerts. Before beginning the course, you should be familiar with security fundamentals. From here, you should feel comfortable diving into other advanced security analysis areas with courses on revealing attacker methodology in web applications and databases, analyzing live system processes and files, and performing tailored alerting and event triage with SIEM tools. I hope you'll join me in this journey to learn system behavior security analysis with the Security Event Triage: Detecting System Anomalies course, at Pluralsight.