Book description
Updated edition of the bestselling guide for planning attack and defense strategies based on the current threat landscape
Key Features
- Updated for ransomware prevention, security posture management in multi-cloud, Microsoft Defender for Cloud, MITRE ATT&CK Framework, and more
- Explore the latest tools for ethical hacking, pentesting, and Red/Blue teaming
- Includes recent real-world examples to illustrate the best practices to improve security posture
Cybersecurity – Attack and Defense Strategies, Third Edition will bring you up to speed with the key aspects of threat assessment and security hygiene, the current threat landscape and its challenges, and how to maintain a strong security posture.
In this carefully revised new edition, you will learn about the Zero Trust approach and the initial Incident Response process. You will gradually become familiar with Red Team tactics, where you will learn basic syntax for commonly used tools to perform the necessary operations. You will also learn how to apply newer Red Team techniques with powerful tools. Simultaneously, Blue Team tactics are introduced to help you defend your system from complex cyber-attacks. This book provides a clear, in-depth understanding of attack/defense methods as well as patterns to recognize irregular behavior within your organization. Finally, you will learn how to analyze your network and address malware, while becoming familiar with mitigation and threat detection techniques.
By the end of this cybersecurity book, you will have discovered the latest tools to enhance the security of your system, learned about the security controls you need, and understood how to carry out each step of the incident response process.
What you will learn
- Learn to mitigate, recover from, and prevent future cybersecurity events
- Understand security hygiene and the value of prioritizing protection of your workloads
- Explore physical and virtual network segmentation, cloud network visibility, and Zero Trust considerations
- Adopt new methods to gather cyber intelligence, identify risk, and demonstrate impact with Red/Blue Team strategies
- Explore legendary tools such as Nmap and Metasploit to supercharge your Red Team
- Discover identity security and how to perform policy enforcement
- Integrate threat detection systems into your SIEM solutions
- Discover the MITRE ATT&CK Framework and open-source tools to gather intelligence
Who this book is for
If you are an IT security professional who wants to venture deeper into cybersecurity domains, this book is for you. Cloud security administrators, IT pentesters, security consultants, and ethical hackers will also find this book useful. Basic understanding of operating systems, computer networking, and web applications will be helpful.
Table of contents
- Preface
- Security Posture
- Incident Response Process
- What is a Cyber Strategy?
  - How to build a cyber strategy
  - Why do we need to build a cyber strategy?
  - Best cyber attack strategies
  - Best cyber defense strategies
  - Benefits of having a proactive cybersecurity strategy
  - Top cybersecurity strategies for businesses
    - Training employees about security principles
    - Protecting networks, information, and computers from viruses, malicious code, and spyware
    - Having firewall security for all internet connections
    - Using software updates
    - Using backup copies
    - Implementing physical restrictions
    - Securing Wi-Fi networks
    - Changing passwords
    - Limiting access for employees
    - Using unique user accounts
  - Conclusion
  - Further reading
- Understanding the Cybersecurity Kill Chain
  - Understanding the Cyber Kill Chain
  - Security controls used to stop the Cyber Kill Chain
  - Threat life cycle management
  - Concerns about the Cybersecurity Kill Chain
  - How the Cyber Kill Chain has evolved
  - Tools used during the Cyber Kill Chain
  - Comodo AEP via Dragon Platform
  - Summary
  - Further reading
  - References
- Reconnaissance
- Compromising the System
- Chasing a User’s Identity
- Lateral Movement
  - Infiltration
  - Network mapping
  - Performing lateral movement
    - Stage 1 – User compromised (user action)
    - Stage 2 – Workstation admin access (user = admin)
    - Think like a hacker
    - Avoiding alerts
    - Port scans
    - Sysinternals
    - File shares
    - Windows DCOM
    - Remote Desktop
    - PowerShell
    - Windows Management Instrumentation
    - Scheduled tasks
    - Token stealing
    - Stolen credentials
    - Removable media
    - Tainted shared content
    - Remote Registry
    - TeamViewer
    - Application deployment
    - Network sniffing
    - ARP spoofing
    - AppleScript and IPC (OS X)
    - Breached host analysis
    - Central administrator consoles
    - Email pillaging
    - Active Directory
    - Admin shares
    - Pass the Ticket
    - Pass-the-Hash (PtH)
    - Winlogon
    - lsass.exe process
  - Summary
  - Further reading
  - References
- Privilege Escalation
  - Infiltration
    - Horizontal privilege escalation
  - Avoiding alerts
  - Performing privilege escalation
    - Exploiting unpatched operating systems
    - Access token manipulation
    - Exploiting accessibility features
    - Application shimming
    - Bypassing user account control
    - Privilege escalation and Container Escape Vulnerability (CVE-2022-0492)
    - DLL injection
    - DLL search order hijacking
    - Dylib hijacking
    - Exploration of vulnerabilities
    - Launch daemon
    - Hands-on example of privilege escalation on a Windows target
    - Dumping the SAM file
    - Rooting Android
    - Using the /etc/passwd file
    - Extra window memory injection
    - Hooking
    - Scheduled tasks
    - New services
    - Startup items
    - Sudo caching
  - Conclusion and lessons learned
  - Summary
  - References
- Infiltration
- Security Policy
- Network Security
- Active Sensors
- Threat Intelligence
- Investigating an Incident
- Recovery Process
- Vulnerability Management
  - Creating a vulnerability management strategy
  - Elements of a vulnerability strategy
  - Differences between vulnerability management and vulnerability assessment
  - Best practices for vulnerability management
  - Vulnerability management tools
    - Asset inventory tools
    - Information management tools
    - Risk assessment tools
    - Vulnerability assessment tools
    - Reporting and remediation tracking tools
    - Response planning tools
    - Intruder
    - Patch Manager Plus
    - Windows Server Update Services (WSUS)
    - Comodo Dragon platform
    - InsightVM
    - Azure Threat and Vulnerability Management
    - Implementing vulnerability management with Nessus
    - OpenVAS
    - Qualys
    - Acunetix
  - Conclusion
  - Summary
  - Further reading
  - References
- Log Analysis
- Other Books You May Enjoy
- Index
Product information
- Title: Cybersecurity - Attack and Defense Strategies
- Author(s):
- Release date: September 2022
- Publisher(s): Packt Publishing
- ISBN: 9781803248776