Security Event Triage: Monitoring Network Application Services

Exploited network application services allow a malicious actor to establish covert channels and silently exfiltrate data. This course will show you how to use the service logs to quickly detect these attacks and close down the open threat vectors.
Course info
Level
Advanced
Updated
Sep 21, 2020
Duration
2h 32m
Description

Network application services are both ubiquitous and exploitable. If successfully compromised by a sophisticated threat actor, they provide the means for establishing C2 channels and exfiltrating company information.

In this course, Security Event Triage: Monitoring Network Application Services, you will learn foundational knowledge of the tools and techniques you can apply to detect when and how these essential services have been compromised.

First, you will learn the techniques an APT agent can employ in order to exploit the different types of network application services. Next, you will discover what the security events written to the log files can reveal about the attack that’s unfolding. Finally, you will explore how to use freely available tools to analyze events from across the network to differentiate the good from the bad in terms of the malicious use of these services. When you’re finished with this course, you will have the skills and knowledge of monitoring network application services needed to protect your organization from sophisticated cyberattacks seeking to exploit these essential network protocols.

About the author

Alan is the Lead Architect for the cyber security company Reveille Security. He is also the author of the book Rapid J2EE Development published by Prentice Hall.

Section Introduction Transcripts

Course Overview
[Autogenerated] Hi, everyone. My name is Alan Monarchs, and welcome to my course in the Security Event Triage series, Monitoring Network Application Services. I'm a technology consultant and published author at Reveille Security, where I support clients in all matters relating to cybersecurity and solution architectures. We all rely on network application services for our critical business systems and apps. But what happens when these essential services come under attack? To answer this question, we'll be getting hands-on with fundamental protocols such as DNS, HTTP, and FTP to understand how threat actors can subvert these everyday services. In this course, we're going to examine in detail how we can detect attacks against network application services by examining the evidence they provide in their logs. Some of the major topics that we will cover include understanding the techniques threat actors can employ against network services, detecting indicators of compromise by applying detailed log analysis techniques, and using advanced tools and scripting technologies such as Elasticsearch, PowerShell, and JupyterLab. By the end of this course, you'll understand how malicious actors can exploit network application services to establish covert channels and to exfiltrate company data. Importantly, though, you'll also learn how to quickly and accurately detect these attacks when they are underway. Before beginning the course, you should be familiar with network security fundamentals. From here, you should feel comfortable diving into other advanced courses in the Security Event Triage series, such as Detecting Network Anomalies with Behavioral Analysis and Statistical Baselining with SIEM Data Integration. I hope you'll join me on this journey to learn how to detect covert channels and data exfiltration with the Monitoring Network Application Services course at Pluralsight.