Security Event Triage: Analyzing Live System Process and Files

Traditional forensic analysis on endpoints is outpaced by modern attack techniques. This course will teach you how to efficiently identify and investigate malicious activity by performing live system analysis on processes and files.
Course info
Level
Advanced
Updated
Mar 20, 2021
Duration
1h 34m
Description

Covert attack techniques coupled with the use of legitimate processes and utilities require more advanced detection and analysis techniques. In this course, Security Event Triage: Analyzing Live System Process and Files, you’ll learn how to leverage endpoint detection tools and techniques to detect attacks that bypass traditional signature- and rule-based capabilities. First, you’ll explore how malware establishes persistence on disk or via the registry. Next, you’ll discover how to detect malware that injects itself into legitimate processes. Finally, you’ll learn how to correlate running processes with network connections to identify not only malicious processes but also C2 communication channels. When you’re finished with this course, you’ll have the skills and knowledge of live system analysis needed for continuous monitoring and detection.
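The last step above, correlating running processes with their network connections, is the kind of check that is easy to script for a first triage pass. The following is an added example and is not course material or the author's code: it joins a constructed `netstat -ano` listing with a constructed process inventory (PID, image name, executable path, as you would gather with `wmic process get ProcessId,Name,ExecutablePath` or `Get-Process`) and applies a few illustrative heuristics. The expected-process lists, the "common ports" set and the sample data are assumptions for the example; the foreign addresses use RFC 5737 documentation ranges standing in for public hosts.

```python
"""Correlate live processes with network connections to surface C2 candidates.

Added example for illustration only. Input samples are constructed, not captured
from a real host; the heuristic lists below are assumptions to tune per environment.
"""
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample in the shape of `netstat -ano` output on Windows.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    10.0.0.5:49712         192.0.2.10:443         ESTABLISHED     2104
  TCP    10.0.0.5:49788         198.51.100.23:8443     ESTABLISHED     3380
  TCP    10.0.0.5:49790         198.51.100.23:8443     ESTABLISHED     3380
  TCP    10.0.0.5:49801         203.0.113.7:80         ESTABLISHED     4412
  TCP    10.0.0.5:49902         192.0.2.55:4444        ESTABLISHED     7720
  TCP    127.0.0.1:5357         0.0.0.0:0              LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1188
"""

# Constructed process inventory (PID, image, path). PID 7720 is deliberately absent.
PROCESS_SAMPLE = r"""pid,image,path
2104,msedge.exe,C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
3380,notepad.exe,C:\Windows\System32\notepad.exe
4412,svchost.exe,C:\Users\alice\AppData\Local\Temp\svchost.exe
1188,svchost.exe,C:\Windows\System32\svchost.exe
4,System,
"""

# Assumed heuristics: images that should not talk to the network, names that only
# belong in the system directories, and ports considered ordinary for this host.
NO_NETWORK_EXPECTED = {"notepad.exe", "calc.exe", "mspaint.exe", "wordpad.exe"}
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
COMMON_PORTS = {80, 443}

# Explicit internal ranges rather than ipaddress.is_private: Python also classifies
# the RFC 5737 documentation ranges used in the sample as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/4", "::1/128", "fe80::/10", "fc00::/7")]


def is_external(host):
    """True for a routable, non-internal address; False for '*', names and local ranges."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False
    return not any(ip in net for net in INTERNAL_NETS)


def parse_netstat(text):
    """Parse `netstat -ano` rows into dicts; UDP rows carry no state column."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        host, _, port = parts[2].rpartition(":")
        conns.append({"proto": parts[0], "local": parts[1], "host": host,
                      "port": int(port) if port.isdigit() else None,
                      "state": parts[3] if len(parts) == 5 else "",
                      "pid": int(parts[-1])})
    return conns


def parse_processes(text):
    """Map PID -> {image, path} from the CSV-shaped inventory."""
    return {int(r["pid"]): {"image": r["image"], "path": r["path"]}
            for r in csv.DictReader(io.StringIO(text.strip()))}


def triage(netstat_text, process_text):
    """Return {pid: finding} for processes with suspicious established external connections."""
    procs = parse_processes(process_text)
    by_pid = defaultdict(list)
    for c in parse_netstat(netstat_text):
        if c["state"] == "ESTABLISHED" and is_external(c["host"]):
            by_pid[c["pid"]].append(c)

    findings = {}
    for pid, conns in by_pid.items():
        proc = procs.get(pid, {"image": "<unknown>", "path": ""})
        image, path = proc["image"].lower(), proc["path"].lower()
        reasons = []
        if pid not in procs:
            reasons.append("connection owned by a PID absent from the process list")
        if image in NO_NETWORK_EXPECTED:
            reasons.append("process that normally has no network activity")
        if image in SYSTEM_BINARIES and not path.startswith(SYSTEM_DIRS):
            reasons.append("system binary name running outside the system directory")
        odd_ports = sorted({c["port"] for c in conns} - COMMON_PORTS)
        if odd_ports:
            reasons.append(f"uncommon destination port(s) {odd_ports}")
        if reasons:
            findings[pid] = {"image": proc["image"], "path": proc["path"],
                             "destinations": sorted({f"{c['host']}:{c['port']}" for c in conns}),
                             "reasons": reasons}
    return findings


if __name__ == "__main__":
    for pid, f in triage(NETSTAT_SAMPLE, PROCESS_SAMPLE).items():
        print(pid, f["image"], f["destinations"], "; ".join(f["reasons"]))
```

On the sample data the browser's HTTPS session is filtered out, while notepad.exe beaconing to port 8443, an svchost.exe running from a user's Temp directory, and a connection owned by a PID that no longer appears in the process list are all flagged. The last case is worth keeping in any real version of this check: a mismatch between the two snapshots can be a short-lived process, but it can also be a process hidden from the listing.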

About the author

Cristian is an information security professional with experience in the supply chain, manufacturing, gaming, and entertainment sectors for Fortune 500 companies. He has provided expertise in incident response cases by performing forensic investigations and malware analysis and by elaborating mitigation plans against complex cyber attacks.

More from the author
Exfiltration with Dnscat2
Intermediate
23m
Sep 10, 2020
More courses by Cristian Pascariu
Section Introduction Transcripts

Course Overview
Hi, everyone. My name is Cristian Pascariu, and welcome to my course, Security Event Triage: Analyzing Live System Processes and Files. I am an information security professional and Pluralsight author. Modern offensive techniques see attackers make use of legitimate tools and utilities to mount cyberattacks, which outpace traditional security defenses. This course is part of the security event triage learning path, and it's meant to uplift your skills by analyzing live processes and services to discover hidden threats. Some of the major topics that we'll cover include leverage file integrity monitoring to discover malware artifacts on disk, use endpoint detection to detect malicious code injected into legitimate processes, and perform memory analysis to hunt for malware using signature-based detection. By the end of this course, you'll know how to detect and analyze intrusions by analyzing live processes and files. Before beginning this course, you should be familiar with security fundamentals. From here, you should feel comfortable diving into the security event triage path with more advanced courses on anomaly detection, statistical baselining, and behavioral analysis. I hope you'll join me on this journey to learn live system analysis with the Security Event Triage: Analyzing Live System Processes and Files course at Pluralsight.