Home

Hacking incident response procedures and analytical tools used by experts

Rookie
3 chapters
English · Japanese · Korean|Audio Korean

Skills You’ll Learn

Tips for analyzing network packets using Wireshark (Wireshark)

An introduction to tools for analyzing massive network packet logs

Web log analysis using Elasticsearch (Elasticsearch)

Introduction to how to use Elasticsearch, an open source-based high-volume log analysis tool

Snot-detection edge structure description (header/body)

I will explain Snort (Snort) as an intrusion detection system engine.




Note) An example link to a well-written selling page

Photographer Chosun Hee's perspective on the subject <flower>

Monthly profit of 5 million won! Epoxy line construction that anyone can do

Class introduction



Hello, this is Song Dae-geun.

The AhnLab (AhnLab) CERT team was responsible for investigating various hacking incidents that occurred in private companies and public institutions. I was in charge of the SOC construction project and operation project PM at IBM Korea. If a hacking incident occurs through a class, I will tell you the know-how to analyze the cause of the attack.

When a cybersecurity incident, or hacking incident, occurs in an enterprise, an infringement incident response specialist in the corporate security team performs incident response work. Business impact must be minimized by quickly identifying the extent of damage and rectifying incidents.

Infringement incident response experts quickly rectify and normalize damage according to established incident response processes. If activities required to comply with laws or regulations required by the industry are omitted, penalties or additional implementation items may occur under relevant laws or regulations.

Explain corporate incident response procedures through classes. Also, when a hacking incident occurs, personal information is leaked. If a personal information leak occurs, we will let you know how the procedures for dealing with the infringement incident are carried out.

Companies conduct annual or quarterly training through simulated training for essential activities necessary to respond in the event of a security incident. In the training process, training is conducted to analyze the cause of the accident using various security tools. When a hacking incident actually occurs, an infringement incident response specialist uses a security solution to analyze the cause of the incident. Let's take a look at the analytical tools used by analysts like you.


Course effect



  • You can learn about response procedures for damage recovery in the event of a hacking incident.

  • You can learn how to respond to a personal information breach incident.

  • I would like to tell you about network intrusion detection systems (IDS).

  • Here are tips for analyzing network packets using Wireshark (Wireshark).

  • I will show you how to analyze web logs using Elasticsearch (Elasticsearch).

Recommended target



  • Those who are curious about the response process in the event of a hacking incident

  • Those who are interested in security tools required to analyze hacking incidents

  • If you have questions about the Snort (Snort) intrusion detection tool

  • If you are curious about a tool to efficiently analyze web logs


Pre-course notes



  • You must proceed directly with the Wireshark (Wireshark) installation used in the class.

  • The Elasticsearch (Elasticsearch) installation file used by the class must be downloaded and installed directly from the Elastic website.


What makes this class special

❶ Learn analytical tools and methods used by infringement response/analysis practitioners

If you don't have much experience analyzing breaches, it can be difficult to know where to start the analysis and how to perform log analysis when investigating an incident. I will tell you the response process carried out by an analyst who analyzes hacking incidents through classes.

We will share sample logs for analysis and analysis know-how through practical examples so that you can quickly find the cause of the incident and identify attack paths. You'll learn how to analyze efficiently.

Screenshot 2023-06-12 at 10.28.17 AM.png

Screenshot 2023-08-09 at 4.57.12 PM.png

<video or photo>

❶ Method and know-how of using Wireshark for network packet analysis

The hacking path is traced through stored packet analysis. We'll show you how to apply network packet filtering to find internal systems infected with malware or to find attackers that have attempted attacks using vulnerabilities.


Protocol Hierarchy 2.png

How to use Elasticsearch for mass log analysis and know-how

I will teach you the basic concepts for analyzing web logs using Elasticsearch Engine, a log analysis tool of Daeyongrang, an open source project. Sample logs for practical exercises are provided for concept learning.


<Attack log sample generation using ChatGPT>

ChatGPT_샘플로그활용.png

<Elastic Search Log Analysis Using Sample Logs>

Add logs 2.png


Curriculum

Creator

BIGROOT SECURITY

BIGROOT SECURITY

We analyzed and responded to security breaches by private companies and public institutions, and carried out various types of security incident responses, including 3.20 cyber attacks, community portals, and online shopping mall infringement incident investigations.


While in charge of technical work in the security division of IBM and Cisco (Cisco), a global security company, I carried out security projects for corporate customers. We share the knowledge and competencies required by corporate security personnel based on experience in dealing with various security issues and project construction/operation experience.


Key work experience

  • Security consultant: design/construction/operation of security enhancement strategies through security infrastructure consulting

  • Security Control Consulting: Conducting SOC construction consulting and operation tasks

  • Security Service Product Development: Next Generation Security Control Solution & Service Development

  • Response to infringement incidents: many military, public, private companies, etc.

  • 2014 KISA K-Shield Security Course Instructor (Instructor in charge of AhnLab network forensics training)

  • 2016 Personal Information Security (PIS) FAIR/ Presentation Topic 'Security Intelligence'

gregsong1918

gregsong1918

View similar classes you might also like

Hacking incident analysis know-how learned through practiceSecurity · Network  |  BIGROOT SECURITY

Notes on Copyright Protection

  • All videos and materials included in the class are protected intellectual property under relevant laws.
  • You may face legal action if you copy, distribute, transmit, modify or edit the videos or materials included in the class without permission.
CLASS 101, LLC.
1201 North Market St. Suite 111, Wilmington, DE, 19801
support@101.inc