Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder. (Paperback)
Available to Order - shipping times vary
BTHb: INRE - Version 2.2 now available. Voted #3 of the 100 Best Cyber Security Books of All Time by Vinod Khosla, Tim O'Reilly and Marcus Spoons Stevens on BookAuthority.com as of 06/09/2018 The Blue Team Handbook is a "zero fluff" reference guide for cyber security incident responders, security engineers, and InfoSec pros alike. The BTHb includes essential information in a condensed handbook format. Main topics include the incident response process, how attackers work, common tools for incident response, a methodology for network analysis, common indicators of compromise, Windows and Linux analysis processes, tcpdump usage examples, Snort IDS usage, packet headers, and numerous other quick reference topics. The book is designed specifically to share "real life experience", so it is peppered with practical techniques from the authors' extensive career in handling incidents. Whether you are writing up your cases notes, analyzing potentially suspicious traffic, or called in to look over a misbehaving server - this book should help you handle the case and teach you some new techniques along the way.
Version 2.2 updates:
- *** A new chapter on Indicators of Compromise added.
- Table format slightly revised throughout book to improve readability.
- Dozens of paragraphs updated and expanded for readability and completeness.
- 15 pages of new content since version 2.0.
About the Author
Don Murdoch, GSE, MBA is a leading information security professional with over 13 years in digital defense. His experience is in non profit, academic, and Fortune 500 settings. He has taught CISSP and intrusion analysis courses for the SANS Institute, and is both the NICCS Incident Response course lead and the ISSAP course lead for ExpandingSecurity.com. Don has numerous InfoSec IT certifications - CISSP, ISSAP, 10 SANS certifications, is a chartered SABSA security architect, and also is certified as a TOGAF Enterprise Architect.