book

Cybersecurity – Attack and Defense Strategies - Second Edition

by Yuri Diogenes, Dr. Erdal Ozkaya

December 2019

Intermediate to advanced

634 pages

14h 57m

English

Packt Publishing

Read now

Unlock full access

Who this book is forWhat this book coversTo get the most out of this bookDownload the color imagesConventions usedGet in touchReviews
The current threat landscapeThe credentials – authentication and authorizationAppsDataCybersecurity challengesOld techniques and broader resultsThe shift in the threat landscapeEnhancing your security postureCloud Security Posture ManagementThe Red and Blue TeamsAssume breachSummaryReferences
The incident response processReasons to have an IR process in placeCreating an incident response processIncident response teamIncident life cycleHandling an incidentBest practices to optimize incident handlingPost-incident activityReal-world scenarioLessons learnedIncident response in the cloudUpdating your IR process to include cloudAppropriate toolsetIR Process from the Cloud Solution Provider (CSP) perspectiveSummaryReferences
IntroductionWhy do we need to build a cyber strategy?How to build a cyber strategyUnderstand the businessUnderstand threats and risksDocumentBest cyber attack strategies (Red Team)External testing strategiesInternal testing strategiesBlind testing strategyTargeted testing strategyBest cyber defense strategies (Blue Team)Defense in depthDefense in breadthSummaryFurther reading
Introducing the Cyber Kill ChainReconnaissanceWeaponizationPrivilege EscalationVertical privilege escalationHorizontal privilege escalationExfiltrationSustainmentAssaultObfuscationObfuscation TechniquesDynamic code obfuscationHiding TrailsThreat Life Cycle ManagementData Collection PhaseDiscovery PhaseQualification PhaseInvestigation PhaseNeutralization PhaseRecovery PhaseShared filesTools used in the Cyber Kill Chain PhasesNmapZenmapMetasploitJohn the RipperHydraWiresharkAircrack-ngNiktoKismetAirgeddonDeauther BoardMitigations against wireless attacksEvilOSXCybersecurity Kill Chain SummaryLab – Hacking Wireless Network/s via Evil Twin AttackThe Lab ScenarioStep 1 – Ensure you have all required hardware and software for the "simulated attack"Step 2 – Install Airgeddon in KaliStep 3 – Configure AirgeddonStep 4 – Select targetStep 5 – Gather the handshakeStep 6 – Set the phishing pageStep 7 – Capture the network credentialsLab SummaryReferencesFurther reading
External reconnaissanceWebshagPhoneInfogaEmail harvester – TheHarvesterWeb Browser Enumeration ToolsPenetration Testing KitNetcraftDumpster divingSocial mediaSocial engineeringPretextingDiversion theftPhishingKeepnet LabsWater holingBaitingQuid pro quoTailgatingInternal reconnaissanceAirgraph-ngSniffing and scanningPrismdumpTcpdumpNmapWiresharkScanrandMasscanCain and AbelNessusMetasploitAircrack-ngWardrivingHak5 Plunder BugCATTCanary token linksSummaryLABGoogle HackingPart 1: Hacking personal informationPart 2: Hacking ServersReferences
Analyzing current trendsExtortion attacksData manipulation attacksIoT device attacksBackdoorsMobile device attacksHacking everyday devicesHacking the cloudThe appeal of cloud attacksCloud Hacking ToolsCloudTrackerOWASP DevSlop ToolCloud security recommendationsPhishingExploiting a vulnerabilityHot PotatoZero-dayWhatsApp vulnerability (CVE-2019-3568)Chrome zero-day vulnerability (CVE-2019-5786)Windows 10 Privilege escalationWindows privilege escalation vulnerability (CVE20191132)FuzzingSource code analysisTypes of zero-day exploitsBuffer overflowsStructured exception handler overwritesPerforming the steps to compromise a systemDeploying payloadsInstalling and using a vulnerability scannerUsing MetasploitCompromising operating systemsCompromising a remote systemCompromising web-based systemsMobile phone (iOS / Android attacks)ExodusSensorIDiPhone hack by Cellebrite Man-in-the-diskSpearphone (loudspeaker data capture on Android)Tap n GhostRed and Blue Team Tools for Mobile DevicesSnoopdroidAndroguardFridaCycriptiOS Implant TeardownLabBuilding a Red Team PC in WindowsLab 2: Hack those websites (legally!)bWAPPHackThis!!OWASP Juice Shop ProjectTry2HackGoogle GruyereDamn Vulnerable Web Application (DVWA)SummaryReferencesFurther reading
Identity is the new perimeterStrategies for compromising a user's identityGaining access to the networkHarvesting credentialsHacking a user's identityBrute forceSocial engineeringPass the hashIdentity theft through mobile devicesOther methods for hacking an identitySummaryReferences
InfiltrationNetwork mappingAvoiding alertsPerforming lateral movementThink like a HackerPort scansSysinternalsFile sharesWindows DCOMRemote DesktopPowerShellWindows Management InstrumentationScheduled tasksToken stealingStolen credentialsRemovable mediaTainted Shared ContentRemote RegistryTeamViewerApplication deploymentNetwork SniffingARP spoofingAppleScript and IPC (OS X)Breached host analysisCentral administrator consolesEmail pillagingActive DirectoryAdmin sharesPass the ticketPass the hash (PtH)WinlogonLsass.exe ProcessSecurity Accounts Manager (SAM) databaseDomain Active Directory Database (NTDS.DIT):Credential Manager (CredMan) store:PtH Mitigation RecommendationsLabHunting Malware without antivirusSummaryReferencesFurther reading
InfiltrationHorizontal Privilege EscalationVertical Privilege EscalationAvoiding alertsPerforming Privilege EscalationExploiting unpatched operating systemsAccess token manipulationExploiting accessibility featuresApplication shimmingBypassing user account controlDLL injectionDLL search order hijackingDylib hijackingExploration of vulnerabilitiesLaunch daemonHands-on example of Privilege Escalation on a Windows targetPrivilege escalation techniquesDumping the SAM fileRooting AndroidUsing the /etc/passwd fileExtra window memory injectionHookingNew servicesScheduled tasksWindows Boot SequenceStartup itemsStartup 101Sudo cachingAdditional tools for privilege escalation0xsp Mongoose v1.7Conclusion and lessons learnedSummaryLab 1Lab 2Part 1 – Retrieving passwords from LSASSPart 2 – Dumping Hashes with PowerSploitLab 3: HackTheBoxReferences

Reviewing your security policyEducating the end userSocial media security guidelines for usersSecurity awareness trainingPolicy enforcementApplication whitelistingHardeningMonitoring for complianceContinuously driving security posture enhancement via security policySummaryReferences
The defense in depth approachInfrastructure and servicesDocuments in transitEndpointsPhysical network segmentationDiscovering your networkSecuring remote access to the networkSite-to-site VPNVirtual network segmentationZero trust networkPlanning zero trust network adoptionHybrid cloud network securityCloud network visibilitySummaryRef
Detection capabilitiesIndicators of compromiseIntrusion detection systemsIntrusion prevention systemRule-based detectionAnomaly-based detectionBehavior analytics on-premisesDevice placementBehavior analytics in a hybrid cloudAzure Security CenterAnalytics for PaaS workloadsSummaryReferences
Introduction to threat intelligenceOpen source tools for threat intelligenceFree threat intelligence feedsMicrosoft threat intelligenceAzure SentinelLeveraging threat intelligence to investigate suspicious activitySummaryReferences
Scoping the issueKey artifactsInvestigating a compromised system on-premisesInvestigating a compromised system in a hybrid cloudIntegrating Azure Security Center with your SIEM for InvestigationProactive investigation (threat hunting)Lessons learnedSummaryReferences
Disaster recovery planThe disaster recovery planning processForming a disaster recovery teamPerforming risk assessmentPrioritizing processes and operationsDetermining recovery strategiesCollecting dataCreating the DR planTesting the planObtaining approvalMaintaining the planChallengesContingency planningIT contingency planning processDevelopment of the contingency planning policyConducting business impact analysisIdentifying the preventive controlsBusiness continuity vs Disaster recoveryDeveloping recovery strategiesLive recoveryPlan maintenanceCyber Incident Recovery Examples from the fieldRisk management toolsRiskNAVIT Risk Management AppBest practices for recovery planningDisaster recovery best practicesOn-PremisesOn the cloudHybridCyber-resilient recommendationsSummaryResources for DR PlanningReferencesFurther reading
Creating a vulnerability management strategyAsset inventoryInformation managementRisk assessmentScopeCollecting dataAnalysis of policies and proceduresVulnerability analysisThreat analysisAnalysis of acceptable risksVulnerability assessmentReporting and remediation trackingResponse planningVulnerability management toolsAsset inventory toolsPeregrine toolsLANDesk Management SuiteStillSecureMcAfee's EnterpriseInformation management toolsRisk assessment toolsVulnerability assessment toolsReporting and remediation tracking toolsResponse planning toolsImplementation of vulnerability managementBest practices for vulnerability managementVulnerability management toolsIntruderPatch Manager PlusInsightVMAzure Threat & Vulnerability ManagementImplementing vulnerability management with NessusOpenVASQualysAcunetixLABSLab 1: Performing an online vulnerability scan with AcunetixLab 2: Network security scan with GFI LanGuardSummaryReferences
Data correlationOperating system logsWindows logsLinux logsFirewall logsWeb server logsAmazon Web Services (AWS) logsAccessing AWS logs from Azure SentinelAzure Activity logsAccessing Azure Activity logs from Azure SentinelSummaryReferences

Overview

Cybersecurity - Attack and Defense Strategies, Second Edition, equips readers with the tools and techniques to protect their organizations from evolving threats. Packed with the latest information on Cloud Security Posture Management and Zero Trust Network strategies, this book offers practical guidance on assessing risks and enhancing system defenses.

What this Book will help me do

Understand and apply the cybersecurity kill chain to anticipate and mitigate attack strategies.
Leverage advanced tools like Azure Sentinel to build a comprehensive security posture for your organization.
Perform in-depth threat analysis, incident investigation, and log analysis to detect and respond to vulnerabilities.
Implement proactive defense measures such as security policy adjustments, network segmentation, and active sensor deployment.
Gain knowledge of cloud-specific security challenges and solutions, including those for hybrid environments.

Author(s)

Yuri Diogenes and Dr. Erdal Ozkaya are seasoned cybersecurity experts with extensive industry and teaching experience. Yuri, an accomplished author, specializes in security solutions and has contributed to numerous well-regarded publications. Erdal, with a doctorate in cybersecurity, is renowned for his teaching and practical approach to protecting organizations from modern threats. Together, they craft accessible and actionable content for a global audience.

Who is it for?

This book is ideal for IT professionals stepping into cybersecurity roles, ethical hackers, pentesters, and security consultants aiming to fortify their skill set. Beginner to intermediate learners with a working knowledge of IT networks will find it particularly useful for building practical security measures and understanding attacker mindsets. If you seek to enhance your capability to defend against cyber threats using real-world tools and methods, this is for you.