O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Cybersecurity - Attack and Defense Strategies

Book Description

Enhance your organization's secure posture by improving your attack and defense strategies

About This Book

  • Gain a clear understanding of the attack methods, and patterns to recognize abnormal behavior within your organization with Blue Team tactics.
  • Learn to unique techniques to gather exploitation intelligence, identify risk and demonstrate impact with Red Team and Blue Team strategies.
  • A practical guide that will give you hands-on experience to mitigate risks and prevent attackers from infiltrating your system.

Who This Book Is For

This book aims at IT professional who want to venture the IT security domain. IT pentester, Security consultants, and ethical hackers will also find this course useful. Prior knowledge of penetration testing would be beneficial.

What You Will Learn

  • Learn the importance of having a solid foundation for your security posture
  • Understand the attack strategy using cyber security kill chain
  • Learn how to enhance your defense strategy by improving your security policies, hardening your network, implementing active sensors, and leveraging threat intelligence
  • Learn how to perform an incident investigation
  • Get an in-depth understanding of the recovery process
  • Understand continuous security monitoring and how to implement a vulnerability management strategy
  • Learn how to perform log analysis to identify suspicious activities

In Detail

The book will start talking about the security posture before moving to Red Team tactics, where you will learn the basic syntax for the Windows and Linux tools that are commonly used to perform the necessary operations. You will also gain hands-on experience of using new Red Team techniques with powerful tools such as python and PowerShell, which will enable you to discover vulnerabilities in your system and how to exploit them. Moving on, you will learn how a system is usually compromised by adversaries, and how they hack user's identity, and the various tools used by the Red Team to find vulnerabilities in a system.

In the next section, you will learn about the defense strategies followed by the Blue Team to enhance the overall security of a system. You will also learn about an in-depth strategy to ensure that there are security controls in each network layer, and how you can carry out the recovery process of a compromised system. Finally, you will learn how to create a vulnerability management strategy and the different techniques for manual log analysis.

By the end of this book, you will be well-versed with Red Team and Blue Team techniques and will have learned the techniques used nowadays to attack and defend systems.

Style and approach

This book uses a practical approach of the cybersecurity kill chain to explain the different phases of the attack, which includes the rationale behind each phase, followed by scenarios and examples that brings the theory into practice.

Downloading the example code for this book You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the color images
      2. Conventions used
    4. Get in touch
      1. Reviews
  2. Security Posture
    1. The current threat landscape
      1. The credentials – authentication and authorization
      2. Apps
      3. Data
    2. Cybersecurity challenges
      1. Old techniques and broader results
      2. The shift in the threat landscape
    3. Enhancing your security posture
    4. The Red and Blue Team
      1. Assume breach
    5. References
    6. Summary
  3. Incident Response Process
    1. Incident response process
      1. Reasons to have an IR process in place
      2. Creating an incident response process
      3. Incident response team
      4. Incident life cycle
    2. Handling an incident
      1. Best practices to optimize incident handling
    3. Post-incident activity
      1. Real-world scenario
      2. Lessons learned
    4. Incident response in the cloud
      1. Updating your IR process to include cloud
    5. References
    6. Summary
  4. Understanding the Cybersecurity Kill Chain
    1. External reconnaissance
      1. Scanning
        1. NMap
        2. Metasploit
        3. John the Ripper
        4. THC Hydra
        5. Wireshark
        6. Aircrack-ng
        7. Nikto
        8. Kismet
        9. Cain and Abel
    2. Access and privilege escalation
      1. Vertical privilege escalation
      2. Horizontal privilege escalation
    3. Exfiltration
    4. Sustainment
    5. Assault
    6. Obfuscation
    7. Threat life cycle management
    8. References
    9. Summary
  5. Reconnaissance
    1. External reconnaissance
      1. Dumpster diving
      2. Social media
      3. Social engineering
        1. Pretexting
        2. Diversion theft
        3. Phishing
          1. Phone phishing (vishing)
          2. Spear phishing
        4. Water holing
        5. Baiting
        6. Quid pro quo
        7. Tailgating
    2. Internal reconnaissance
      1. Sniffing and scanning
        1. Prismdump
        2. tcpdump
        3. NMap
        4. Wireshark
        5. Scanrand
        6. Cain and Abel
        7. Nessus
        8. Metasploit
        9. Aircrack-ng
      2. Wardriving
    3. Conclusion of the reconnaissance chapter
    4. References
    5. Summary
  6. Compromising the System
    1. Analyzing current trends
      1. Extortion attacks
      2. Data manipulation attacks
      3. IoT device attacks
      4. Backdoors
      5. Mobile device attacks
      6. Hacking everyday devices
      7. Hacking the cloud
    2. Phishing
    3. Exploiting a vulnerability
    4. Zero-day
      1. Fuzzing
      2. Source code analysis
      3. Types of zero-day exploits
        1. Buffer overflows
      4. Structured exception handler overwrites
    5. Performing the steps to compromise a system
      1. Deploying payloads
        1. Installing and using a vulnerability scanner
        2. Using Metasploit
      2. Compromising operating systems
        1. Compromising systems using Kon-Boot or Hiren's BootCD
        2. Compromising systems using a Linux Live CD
        3. Compromising systems using preinstalled applications
        4. Compromising systems using Ophcrack
      3. Compromising a remote system
      4. Compromising web-based systems
        1. SQL injection
        2. Cross-site scripting
        3. Broken authentication
        4. DDoS attacks
    6. References
    7. Summary
  7. Chasing a User's Identity
    1. Identity is the new perimeter
    2. Strategies for compromising a user's identity
      1. Gaining access to the network
      2. Harvesting credentials
    3. Hacking a user's identity
      1. Brute force
      2. Social engineering
      3. Pass the hash
      4. Other methods to hack identity
    4. References
    5. Summary
  8. Lateral Movement
    1. Infiltration
      1. Network mapping
      2. Avoiding alerts
    2. Performing lateral movement
      1. Port scans
      2. Sysinternals
      3. File shares
      4. Remote Desktop
      5. PowerShell
      6. Windows Management Instrumentation
      7. Scheduled tasks
      8. Token stealing
      9. Pass-the-hash
      10. Active Directory
      11. Remote Registry
      12. Breached host analysis
      13. Central administrator consoles
      14. Email pillaging
    3. References
    4. Summary
  9. Privilege Escalation
    1. Infiltration
      1. Horizontal privilege escalation
      2. Vertical privilege escalation
    2. Avoiding alerts
    3. Performing privilege escalation
      1. Exploiting unpatched operating systems
      2. Access token manipulation
      3. Exploiting accessibility features
      4. Application shimming
      5. Bypassing user account control
      6. DLL injection
      7. DLL search order hijacking
      8. Dylib hijacking
      9. Exploration of vulnerabilities
      10. Launch daemon
      11. Hands-on example of privilege escalation on a Windows 8 target
    4. Conclusion and lessons learned
    5. References
    6. Summary
  10. Security Policy
    1. Reviewing your security policy
    2. Educating the end user
      1. Social media security guidelines for users
      2. Security awareness training
    3. Policy enforcement
      1. Application whitelisting
      2. Hardening
    4. Monitoring for compliance
    5. References
    6. Summary
  11. Network Segmentation
    1. Defense in depth approach
      1. Infrastructure and services
      2. Documents in transit
      3. Endpoints
    2. Physical network segmentation
      1. Discovering your network
    3. Securing remote access to the network
      1. Site-to-site VPN
    4. Virtual network segmentation
    5. Hybrid cloud network security
    6. References
    7. Summary
  12. Active Sensors
    1. Detection capabilities
      1. Indicators of compromise
    2. Intrusion detection systems
    3. Intrusion prevention system
      1. Rule-based detection
      2. Anomaly-based detection
    4. Behavior analytics on-premises
      1. Device placement
    5. Behavior analytics in a hybrid cloud
      1. Azure Security Center
    6. References
    7. Summary
  13. Threat Intelligence
    1. Introduction to threat intelligence
    2. Open source tools for threat intelligence
    3. Microsoft threat intelligence
      1. Azure Security Center
    4. Leveraging threat intelligence to investigate suspicious activity
    5. References
    6. Summary
  14. Investigating an Incident
    1. Scoping the issue
      1. Key artifacts
    2. Investigating a compromised system on-premises
    3. Investigating a compromised system in a hybrid cloud
      1. Search and you shall find it
    4. Lessons learned
    5. References
    6. Summary
  15. Recovery Process
    1. Disaster recovery plan
      1. The disaster recovery planning process
        1. Forming a disaster recovery team
        2. Performing risk assessment
        3. Prioritizing processes and operations
        4. Determining recovery strategies
        5. Collecting data
        6. Creating the disaster recovery plan
        7. Testing the plan
        8. Obtaining approval
        9. Maintaining the plan
      2. Challenges
    2. Live recovery
    3. Contingency planning
      1. IT contingency planning process
        1. Development of the contingency planning policy
        2. Conducting business impact analysis
          1. Identifying the critical IT resources
          2. Identifying disruption impacts
          3. Developing recovery priorities
        3. Identifying the preventive controls
        4. Developing recovery strategies
          1. Backups
          2. Alternative sites
          3. Equipment replacement
          4. Plan testing, training, and exercising
        5. Plan maintenance
    4. Best practices for recovery
    5. References
    6. Summary
  16. Vulnerability Management
    1. Creating a vulnerability management strategy
      1. Asset inventory
      2. Information management
      3. Risk assessment
        1. Scope
        2. Collecting data
        3. Analysis of policies and procedures
        4. Vulnerability analysis
        5. Threat analysis
        6. Analysis of acceptable risks
      4. Vulnerability assessment
      5. Reporting and remediation tracking
      6. Response planning
      7. Vulnerability management tools
        1. Asset inventory tools
          1. Peregrine tools
          2. LANDesk Management Suite
          3. StillSecure
          4. Foundstone's Enterprise
        2. Information management tools
        3. Risk assessment tools
        4. Vulnerability assessment tools
        5. Reporting and remediation tracking tools
        6. Response planning tools
    2. Implementation of vulnerability management
    3. Best practices for vulnerability management
    4. Implementing vulnerability management with Nessus
    5. Flexera (Secunia) Personal Software Inspector
    6. Conclusion
    7. References
    8. Summary
  17. Log Analysis
    1. Data correlation
    2. Operating system logs
      1. Windows logs
      2. Linux logs
    3. Firewall logs
    4. Web server logs
    5. References
    6. Summary
  18. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think