book

Cybersecurity Ops with bash

by Paul Troncone, Carl Albing

April 2019

Intermediate to advanced

303 pages

6h 16m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
Who This Book Is ForBash or bashScript RobustnessWorkshopsConventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgmentsDisclaimer
I. Foundations
1. Command-Line Primer
The Command Line DefinedWhy bash?Command-Line IllustrationsRunning Linux and bash on WindowsGit BashCygwinWindows Subsystem for LinuxWindows Command Prompt and PowerShellCommand-Line BasicsCommands, Arguments, Built-ins, and KeywordsStandard Input/Output/ErrorRedirection and PipingRunning Commands in the BackgroundFrom Command Line to ScriptSummaryWorkshop
2. Bash Primer
OutputVariablesPositional ParametersInputConditionalsLoopingFunctionsFunction ArgumentsReturning ValuesPattern Matching in bashWriting Your First Script—Detecting Operating System TypeSummaryWorkshop
3. Regular Expressions Primer
Commands in Usegrepgrep and egrepRegular Expression MetacharactersThe “.” MetacharacterThe “?” MetacharacterThe “*” MetacharacterThe “+” MetacharacterGroupingBrackets and Character ClassesBack ReferencesQuantifiersAnchors and Word BoundariesSummaryWorkshop
4. Principles of Defense and Offense
CybersecurityConfidentialityIntegrityAvailabilityNonrepudiationAuthenticationThe Attack Life CycleReconnaissanceInitial ExploitationEstablish FootholdEscalate PrivilegesInternal ReconnaissanceLateral MovementMaintain PresenceComplete MissionSummary
II. Defensive Security Operations with bash
5. Data Collection
Commands in UsecutfileheadregwevtutilGathering System InformationExecuting a Command Remotely Using SSHGathering Linux LogfilesGathering Windows LogfilesGathering System InformationGathering the Windows RegistrySearching the FilesystemSearching by FilenameSearching for Hidden FilesSearching by File SizeSearching by TimeSearching for ContentSearching by File TypeSearching by Message Digest ValueTransferring DataSummaryWorkshop
6. Data Processing
Commands in UseawkjoinsedtailtrProcessing Delimited FilesIterating Through Delimited DataProcessing by Character PositionProcessing XMLProcessing JSONAggregating DataSummaryWorkshop
7. Data Analysis
Commands in UsesortuniqWeb Server Access Log FamiliarizationSorting and Arranging DataCounting Occurrences in DataTotaling Numbers in DataDisplaying Data in a HistogramFinding Uniqueness in DataIdentifying Anomalies in DataSummaryWorkshop

8. Real-Time Log Monitoring
Monitoring Text LogsLog-Based Intrusion DetectionMonitoring Windows LogsGenerating a Real-Time HistogramSummaryWorkshop
9. Tool: Network Monitor
Commands in UsecrontabschtasksStep 1: Creating a Port ScannerStep 2: Comparing to Previous OutputStep 3: Automation and NotificationScheduling a Task in LinuxScheduling a Task in WindowsSummaryWorkshop
10. Tool: Filesystem Monitor
Commands in UsesdiffStep 1: Baselining the FilesystemStep 2: Detecting Changes to the BaselineStep 3: Automation and NotificationSummaryWorkshop
11. Malware Analysis
Commands in UsecurlvixxdReverse EngineeringHexadecimal, Decimal, Binary, and ASCII ConversionsAnalyzing with xxdExtracting StringsInterfacing with VirusTotalSearching the Database by Hash ValueScanning a FileScanning URLs, Domains, and IP AddressesSummaryWorkshop
12. Formatting and Reporting
Commands in UsetputFormatting for Display and Print with HTMLCreating a DashboardSummaryWorkshop
III. Penetration Testing with bash
13. Reconnaissance
Commands in UseftpCrawling WebsitesAutomated Banner GrabbingSummaryWorkshop
14. Script Obfuscation
Commands in Usebase64evalObfuscating SyntaxObfuscating LogicEncryptingCryptography PrimerEncrypting the ScriptCreating the WrapperCreating Your Own CryptoSummaryWorkshop
15. Tool: Command-Line Fuzzer
ImplementationSummaryWorkshop
16. Establishing a Foothold
Commands in UsencSingle-Line BackdoorsReverse SSHBash BackdoorCustom Remote-Access ToolImplementationSummaryWorkshop
IV. Security Administration with bash
17. Users, Groups, and Permissions
Commands in UsechmodchowngetfaclgroupaddsetfacluseraddusermodicaclsnetUsers and GroupsCreating Linux Users and GroupsCreating Windows Users and GroupsFile Permissions and Access Control ListsLinux File PermissionsWindows File PermissionsMaking Bulk ChangesSummaryWorkshop
18. Writing Log Entries
Commands in UseeventcreateloggerWriting Windows LogsWriting Linux LogsSummaryWorkshop
19. Tool: System Availability Monitor
Commands in UsepingImplementationSummaryWorkshop
20. Tool: Software Inventory
Commands in UseaptdpkgwmicyumImplementationIdentifying Other SoftwareSummaryWorkshop
21. Tool: Validating Configuration
ImplementationSummaryWorkshop
22. Tool: Account Auditing
Have I Been Pwned?Checking for a Breached PasswordChecking for a Breached Email AddressBatch-Processing EmailsSummaryWorkshop
23. Conclusion
Index

Overview

If you hope to outmaneuver threat actors, speed and efficiency need to be key components of your cybersecurity operations. Mastery of the standard command-line interface (CLI) is an invaluable skill in times of crisis because no other software application can match the CLI’s availability, flexibility, and agility. This practical guide shows you how to use the CLI with the bash shell to perform tasks such as data collection and analysis, intrusion detection, reverse engineering, and administration.

Authors Paul Troncone, founder of Digadel Corporation, and Carl Albing, coauthor of bash Cookbook (O’Reilly), provide insight into command-line tools and techniques to help defensive operators collect data, analyze logs, and monitor networks. Penetration testers will learn how to leverage the enormous amount of functionality built into nearly every version of Linux to enable offensive operations.

In four parts, security practitioners, administrators, and students will examine:

Foundations: Principles of defense and offense, command-line and bash basics, and regular expressions
Defensive security operations: Data collection and analysis, real-time log monitoring, and malware analysis
Penetration testing: Script obfuscation and tools for command-line fuzzing and remote access
Security administration: Users, groups, and permissions; device and software inventory

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781492041306Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills