HTB's SOC Analyst Path - Incident Handling Process(Fundamental - 1)

Event (Any action occurring in the system/network) ---> Incident (Any event with negative consequence) ---> Incident Handling (It is a clearly defined set of procedures to manage and respond to security incidents in a computer and network environment)

1. Resources for Incident Handling --> NIST Incident Handling Guide

2. Cyber Kill Chain (7 stages) (RWDEICA)

   Recon ---> Weaponize ---> Deliver ---> Exploit ---> Install ---> Command & Chain(C&C) ---> Action

3. Incident Handling Process (Cyclic)(4 stages) (PDCP)

   Preparation ---> Detection & Analysis ---> Containment Eradication & Recovery ---> Post - Incident Recovery

   1. Preparation (Stage 1)(Jump Bag)

      a) Skilled Incident Handling members

      b) Trained Workforce

      c) Clear policies and documentation

      d) Tools

   2. Preparation (Stage 2)

      a) DMARC

      b) Privilege Identity Management/MFA/Passwords

      c) Vulnerability Scanning

      d) User awareness training

      e) Purple team exercises

   3. Detection & Analysis

      a) Investigation

      Initial Investigation Data ---> IOC(Indicators of Compromise) ---> Compromised Systems ---> Collection & Analysis (Cyclic Process)

   4. CER(Containment Eradication and Recovery Stage)

      a) Long Term container --> isolated VLAN, shut down

      b) Short Term container --> Changing Passwords, Updating Firewall rules, Intruder Detection Systems

      Note: Questions asked in the path are very easy, so if you can't solve them, leave your dream of becoming SOC Analyst