In this video, explore hunt teams, analysis techniques—behavioral and heuristical—, and establishing a review system for logs and events to find incidents.
- [Narrator] To facilitate incident detection and response,…it's important to be actively looking…for incidents in your network.…There are three major ways to systematize your efforts…and detect new incidents, utilizing hunt teams,…selecting the correct analysis techniques,…and establishing a log and event review system.…In a previous lesson we talked about…the blue team and the red team,…but what exactly is a hunt team?…Well a hunt team is a group of cybersecurity professionals…who focus on finding an adversary…who's already on your network,…whether you know they're there or not.…
The hunt team works under…the security operations center in the organization.…They search through event and log files…to determine where a malicious actor…could be hiding inside your network.…The hunt team works to identify any internal…or external violations of your network security policy,…as well as violations of your privacy policy.…They are also responsible for locating insider threats,…which are extremely challenging since…the user has the authorize credentials already in place.…
Author
Jason Dion
Released
8/27/2018Looking for study partners?
Join the CASP+ Exam study groupTesting the security of an enterprise network ensures a business can withstand today's threats. The third domain of the CompTIA Advanced Security Practitioner (CASP+) certification—Enterprise Security Operations—assesses whether you understand the basics of penetration testing and the tools and techniques attackers use to infiltrate your network. This course helps you prepare for the CASP+ exam, while deepening your knowledge of security assessments, vulnerability assessments, penetration tests, and incident response and recovery. Follow along with instructor Jason Dion as he covers topics such as reconnaissance, auditing, code reviews, and the tools used during containment and recovery. By the end of the course, you'll be one step closer to CASP+ certification—a key tool for demonstrating your advanced cybersecurity knowledge to prospective employers and clients.
We are a CompTIA Content Publishing Partner. As such, we are able to offer CompTIA exam vouchers at a 10% discount. For more information on how to obtain this discount, please download these PDF instructions.
- Security assessments
- Audits
- Code reviews
- Assessment tools: Scanners, enumerators, exploitation tools, and more
- Incident response
- Incident response tools: Disk imaging, packet capture, memory forensics, and more
Skill Level Advanced
Duration
Views
-
Introduction
-
What you should know1m 18s
-
About the exam1m 42s
-
1. Security Assessments
-
Vulnerability assessments4m 20s
-
Malware analysis2m 21s
-
Penetration testing2m 26s
-
Internal vs. external audits1m 37s
-
Code reviews2m 38s
-
2. Tools Used in Security Assessments
-
Port scanners1m 36s
-
Vulnerability scanners1m 14s
-
Protocol analyzers1m 26s
-
Network enumerator1m 52s
-
Password crackers1m 23s
-
Fuzzer1m 9s
-
HTTP interceptor1m 6s
-
Visualization tools1m 43s
-
Command line tools1m 20s
-
Physical security tools1m 38s
-
3. Incident Response
-
E-discovery1m 43s
-
Data retention policies1m 55s
-
Data recovery and storage1m 34s
-
Data ownership2m 44s
-
Data handling2m 41s
-
Legal holds1m 27s
-
Data breach4m 59s
-
Chain of custody4m 3s
-
Forensic analysis2m 5s
-
Order of volatility1m 33s
-
Severity of the incident3m 1s
-
Incident response team1m 57s
-
Post-incident response3m 5s
-
4. Tools Used in Incident Response and Recovery
-
Disk imaging2m 18s
-
nbtstat and netstat1m 12s
-
Netcat1m 2s
-
Memory forensics1m 14s
-
File carving1m 12s
-
FTK and EnCase1m 12s
-
Conclusion
-
Next steps2m 30s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Incident detection and response