book

Adversarial Tradecraft in Cybersecurity

by Dan Borges

June 2021

Intermediate to advanced

246 pages

7h 40m

English

Packt Publishing

Read now

Unlock full access

Who this book is forWhat this book coversTo get the most out of this bookGet in touch
Adversarial theoryCIAAANGame theoryPrinciples of computer conflictOffense versus defensePrinciple of deceptionPrinciple of physical accessPrinciple of humanityPrinciple of economyPrinciple of planningPrinciple of innovationPrinciple of timeSummaryReferences
Essential considerationsCommunicationsLong-term planningExpertiseOperational planningDefensive perspectiveSignal collectionData managementAnalysis toolingDefensive KPIsOffensive perspectiveScanning and exploitationPayload developmentAuxiliary toolingOffensive KPIsSummaryReferences
Gaining the advantageOffensive perspectiveProcess injectionIn-memory operationsDefensive perspectiveDetecting process injectionPreparing for attacker techniquesThe invisible defenseSummaryReferences
Offensive perspectivePersistence optionsLOLbinsDLL search order hijackingExecutable file infectionCovert command and control channelsICMP C2DNS C2Domain frontingCombining offensive techniquesDefensive perspectiveC2 detectionICMP C2 detectionDNS C2 detectionPersistence detectionDetecting DLL search order hijackingDetecting backdoored executablesHoney tricksHoney tokensHoneypotsSummaryReferences
Offensive perspectiveClearing logsHybrid approachRootkitsDefensive perspectiveData integrity and verificationDetecting rootkitsManipulating attackersKeeping attackers distractedTricking attackersSummaryReferences
Offensive perspectiveSituational awarenessUnderstanding the systemClear the Bash historyAbusing DockerGleaning operational informationKeyloggingScreenshot spyGetting passwordsSearching files for secretsBackdooring password utilitiesPivotingSSH agent hijackingSSH ControlMaster hijackingRDP hijackingHijacking other administrative controlsDefensive perspectiveExploring users, processes, and connectionsRoot cause analysisKilling malicious processesKilling connections and banning IPsNetwork quarantineRotating credentialsRestricting permissionsChattr revisitedchrootUsing namespacesControlling usersShut it downHacking backHunting attacker infrastructureExploiting attacker toolsSummaryReferences
Gaming the gameOffensive perspectiveThe world of memory corruptionTargeting research and prepTarget exploitationCreative pivotingDefensive perspectiveTool exploitationThreat modelingOperating system and application researchLog and analyze your own dataAttributionSummaryReferences
Offensive perspectiveExfiltrationProtocol tunnelingSteganographyAnonymity networksEnding the operationProgram security versus operational securityTaking down infrastructureRotating offensive toolsRetiring and replacing techniquesDefensive perspectiveResponding to an intrusionThe big flipThe remediation effortA post-mortem after the incidentForward lookingPublish resultsSummaryReferences

Content preview from Adversarial Tradecraft in Cybersecurity

7 The Research Advantage

This chapter will focus on leveraging the principle of innovation to gain an advantage in a conflict. Investing in additional research, such as exploits or new log sources, can give either side a significant leg up in these conflicts. We will see throughout this chapter how complex technology stacks have left a myriad of vulnerabilities and forensic artifacts hidden in their implementations. This research can be shallow reconnaissance, such as gaining a basic understanding of the tools and techniques the opponent uses, to ensure you can detect them in your environment. Or it can be deep research, such as looking at specific applications your target uses and developing exploits for their tools. This chapter will focus ...