book

Adversarial Tradecraft in Cybersecurity

by Dan Borges

June 2021

Intermediate to advanced

246 pages

7h 40m

English

Packt Publishing

Read now

Unlock full access

Who this book is forWhat this book coversTo get the most out of this bookGet in touch
Adversarial theoryCIAAANGame theoryPrinciples of computer conflictOffense versus defensePrinciple of deceptionPrinciple of physical accessPrinciple of humanityPrinciple of economyPrinciple of planningPrinciple of innovationPrinciple of timeSummaryReferences
Essential considerationsCommunicationsLong-term planningExpertiseOperational planningDefensive perspectiveSignal collectionData managementAnalysis toolingDefensive KPIsOffensive perspectiveScanning and exploitationPayload developmentAuxiliary toolingOffensive KPIsSummaryReferences
Gaining the advantageOffensive perspectiveProcess injectionIn-memory operationsDefensive perspectiveDetecting process injectionPreparing for attacker techniquesThe invisible defenseSummaryReferences
Offensive perspectivePersistence optionsLOLbinsDLL search order hijackingExecutable file infectionCovert command and control channelsICMP C2DNS C2Domain frontingCombining offensive techniquesDefensive perspectiveC2 detectionICMP C2 detectionDNS C2 detectionPersistence detectionDetecting DLL search order hijackingDetecting backdoored executablesHoney tricksHoney tokensHoneypotsSummaryReferences
Offensive perspectiveClearing logsHybrid approachRootkitsDefensive perspectiveData integrity and verificationDetecting rootkitsManipulating attackersKeeping attackers distractedTricking attackersSummaryReferences
Offensive perspectiveSituational awarenessUnderstanding the systemClear the Bash historyAbusing DockerGleaning operational informationKeyloggingScreenshot spyGetting passwordsSearching files for secretsBackdooring password utilitiesPivotingSSH agent hijackingSSH ControlMaster hijackingRDP hijackingHijacking other administrative controlsDefensive perspectiveExploring users, processes, and connectionsRoot cause analysisKilling malicious processesKilling connections and banning IPsNetwork quarantineRotating credentialsRestricting permissionsChattr revisitedchrootUsing namespacesControlling usersShut it downHacking backHunting attacker infrastructureExploiting attacker toolsSummaryReferences
Gaming the gameOffensive perspectiveThe world of memory corruptionTargeting research and prepTarget exploitationCreative pivotingDefensive perspectiveTool exploitationThreat modelingOperating system and application researchLog and analyze your own dataAttributionSummaryReferences
Offensive perspectiveExfiltrationProtocol tunnelingSteganographyAnonymity networksEnding the operationProgram security versus operational securityTaking down infrastructureRotating offensive toolsRetiring and replacing techniquesDefensive perspectiveResponding to an intrusionThe big flipThe remediation effortA post-mortem after the incidentForward lookingPublish resultsSummaryReferences

Content preview from Adversarial Tradecraft in Cybersecurity

6 Real-Time Conflict

Eventually there comes a time in these attack and defense operations when you find yourself active on the same machine as an aggressor or defender. Perhaps a defender has homed in on the attacker and made the mistake of revealing both actors are on the same machine, at the same time. This chapter will provide techniques for when two hostile parties become aware of each other on the same machine. It will show quick and decisive actions you can use to gain the advantage in this situation, as either an attacker who spies on the defender or as the defender with ultimate control over the situation. In this chapter, we will examine techniques to restrict, block, or even exploit other users on the same machine for more information. ...