Incident Response with Threat Intelligence

Practical insights into developing an incident response capability through intelligence-based threat hunting

Roberto Martínez

BIRMINGHAM—MUMBAI

Incident Response with Threat Intelligence

Copyright © 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Vijin Boricha

Publishing Product Manager: Vijin Boricha

Senior Editor: Arun Nadar

Content Development Editor: Romy Dias

Technical Editor: Shruthi Shetty

Copy Editor: Safis Editing

Project Coordinator: Ajesh Devavaram

Proofreader: Safis Editing

Indexer: Subalakshmi Govindan

Production Designer: Alishon Mendonca

Marketing Coordinator: Sanjana Gupta

First published: May 2022

Production reference: 1180522

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80107-295-3

www.packt.com

Dedicated to those who showed me the way with their love and example and taught me never to give up.

Contributors

About the author

Roberto Martínez (@r0bertmart1nez) has worked as senior security researcher at Kaspersky's Global Research and Analysis Team (GReAT) and as Watch Commander at HSBC (GCO), investigating cyberthreats, responding to security incidents, and presenting at security events worldwide.

He has collaborated as an expert associate professor at Tecnológico de Monterrey (ITESM) and is a member of the High Technology Crime Investigation Association (HTCIA).

Roberto has more than 18 years of experience in cybersecurity fields such as offensive security, malware analysis, digital forensics, incident response, threat intelligence, and threat hunting.

He also worked as a security consultant and instructor for governments, financial institutions, and private corporations in Latin America.

I thank God; my wonderful wife, Claudia; my beloved children, Ale, Luis, Robert; my family; friends; and the loved ones who always supported me in all those endless hours on nights and weekends when I was not with them to dedicate myself to writing this book.

Special thanks to my friend Andrés Velázquez, who I esteem and admire for his outstanding professional career and agreeing to be the presenter at the book's launch.

I also thank the whole Packt team, especially Vijin Boricha, Romy Dias, Ajesh Devavaran, Vaidehi Sawant, and Troy Mitchell, for their valuable support and patience in helping me improve and make this book a reality.

About the reviewer

Troy Mitchell is a cybersecurity professional with three decades of experience in information technology and cybersecurity, both on the defensive and offensive sides.

His expertise is mainly in incident response, digital forensics, malware analysis, threat hunting, penetration testing, and threat intelligence.

Troy retains many professional certifications, including Certified Ethical Hacker (CEH), Certified Network Defense Architect (CNDA), VMware VCP, and MCSE: Security.

He has worked for private sector companies as well as several government agencies.

He is currently a senior cybersecurity engineer with a global engineering company.

Troy is a highly active member of the cybersecurity community, along with playing in Capture the Flag (CTF) events.

I'd like to thank Packt Publishing for the opportunity to be selected as a technical reviewer to review and contribute to this book.

I would also like to thank my wife and daughter for supporting me as I worked on reviewing this book after work and on weekends, accompanied by my sidekick Skittles, the tabby cat.