Cybersecurity – Attack and Defense Strategies - Second Edition

Book description

Updated and revised edition of the bestselling guide to developing defense strategies against the latest threats to cybersecurity

Key Features

  • Covers the latest security threats and defense strategies for 2020
  • Introduces techniques and skillsets required to conduct threat hunting and deal with a system breach
  • Provides new information on Cloud Security Posture Management, Microsoft Azure Threat Protection, Zero Trust Network strategies, Nation State attacks, the use of Azure Sentinel as a cloud-based SIEM for logging and investigation, and much more

Book Description

Cybersecurity – Attack and Defense Strategies, Second Edition is a completely revised new edition of the bestselling book, covering the very latest security threats and defense mechanisms including a detailed overview of Cloud Security Posture Management (CSPM) and an assessment of the current threat landscape, with additional focus on new IoT threats and cryptomining.

Cybersecurity starts with the basics that organizations need to know to maintain a secure posture against outside threats and design a robust cybersecurity program. It takes you into the mindset of a threat actor to help you better understand the motivation and the steps of performing an actual attack – the cybersecurity kill chain. You will gain hands-on experience in implementing cybersecurity using new techniques in reconnaissance and chasing a user's identity, which will enable you to discover how a system is compromised, and to identify and then exploit the vulnerabilities in your own system.

This book also focuses on defense strategies to enhance the security of a system. You will also explore tools such as Azure Sentinel in depth, to ensure there are security controls in each network layer, and learn how to carry out the recovery process of a compromised system.

What you will learn

  • The importance of having a solid foundation for your security posture
  • Use the cybersecurity kill chain to understand the attack strategy
  • Boost your organization's cyber resilience by improving your security policies, hardening your network, implementing active sensors, and leveraging threat intelligence
  • Utilize the latest defense tools, including Azure Sentinel and Zero Trust Network strategy
  • Identify different types of cyberattacks, such as SQL injection, malware, and social engineering threats such as phishing emails
  • Perform an incident investigation using Azure Security Center and Azure Sentinel
  • Get an in-depth understanding of the disaster recovery process
  • Understand how to consistently monitor security and implement a vulnerability management strategy for on-premises and hybrid cloud
  • Learn how to perform log analysis using the cloud to identify suspicious activities, including logs from Amazon Web Services and Azure

Who this book is for

For IT professionals venturing into the IT security domain, IT pentesters, security consultants, or those looking to perform ethical hacking. Prior knowledge of penetration testing is beneficial.

Table of contents

  1. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the color images
      2. Conventions used
    4. Get in touch
      1. Reviews
  2. Security Posture
    1. The current threat landscape
    2. The credentials – authentication and authorization
    3. Apps
      1. Data
    4. Cybersecurity challenges
      1. Old techniques and broader results
      2. The shift in the threat landscape
    5. Enhancing your security posture
      1. Cloud Security Posture Management
    6. The Red and Blue Teams
      1. Assume breach
    7. Summary
    8. References
  3. Incident Response Process
    1. The incident response process
      1. Reasons to have an IR process in place
      2. Creating an incident response process
      3. Incident response team
      4. Incident life cycle
    2. Handling an incident
      1. Best practices to optimize incident handling
    3. Post-incident activity
      1. Real-world scenario
      2. Lessons learned
    4. Incident response in the cloud
      1. Updating your IR process to include cloud
      2. Appropriate toolset
      3. IR Process from the Cloud Solution Provider (CSP) perspective
    5. Summary
    6. References
  4. What is a Cyber Strategy?
    1. Introduction
    2. Why do we need to build a cyber strategy?
    3. How to build a cyber strategy
      1. Understand the business
      2. Understand threats and risks
      3. Document
    4. Best cyber attack strategies (Red Team)
      1. External testing strategies
      2. Internal testing strategies
      3. Blind testing strategy
      4. Targeted testing strategy
    5. Best cyber defense strategies (Blue Team)
      1. Defense in depth
      2. Defense in breadth
    6. Summary
    7. Further reading
  5. Understanding the Cybersecurity Kill Chain
    1. Introducing the Cyber Kill Chain
    2. Reconnaissance
    3. Weaponization
    4. Privilege Escalation
      1. Vertical privilege escalation
      2. Horizontal privilege escalation
    5. Exfiltration
      1. Sustainment
      2. Assault
      3. Obfuscation
        1. Obfuscation Techniques
        2. Dynamic code obfuscation
        3. Hiding Trails
    6. Threat Life Cycle Management
      1. Data Collection Phase
      2. Discovery Phase
      3. Qualification Phase
      4. Investigation Phase
      5. Neutralization Phase
      6. Recovery Phase
      7. Shared files
    7. Tools used in the Cyber Kill Chain Phases
      1. Nmap
      2. Zenmap
      3. Metasploit
      4. John the Ripper
      5. Hydra
      6. Wireshark
      7. Aircrack-ng
      8. Nikto
      9. Kismet
      10. Airgeddon
      11. Deauther Board
        1. Mitigations against wireless attacks
      12. EvilOSX
    8. Cybersecurity Kill Chain Summary
    9. Lab – Hacking Wireless Network/s via Evil Twin Attack
      1. The Lab Scenario
      2. Step 1 – Ensure you have all required hardware and software for the "simulated attack"
      3. Step 2 – Install Airgeddon in Kali
      4. Step 3 – Configure Airgeddon
      5. Step 4 – Select target
      6. Step 5 – Gather the handshake
      7. Step 6 – Set the phishing page
      8. Step 7 – Capture the network credentials
    10. Lab Summary
    11. References
    12. Further reading
  6. Reconnaissance
    1. External reconnaissance
      1. Webshag
      2. PhoneInfoga
      3. Email harvester – TheHarvester
    2. Web Browser Enumeration Tools
      1. Penetration Testing Kit
      2. Netcraft
      3. Dumpster diving
      4. Social media
      5. Social engineering
        1. Pretexting
        2. Diversion theft
        3. Phishing
        4. Keepnet Labs
        5. Water holing
        6. Baiting
        7. Quid pro quo
        8. Tailgating
    3. Internal reconnaissance
      1. Airgraph-ng
      2. Sniffing and scanning
        1. Prismdump
        2. Tcpdump
        3. Nmap
        4. Wireshark
        5. Scanrand
        6. Masscan
        7. Cain and Abel
        8. Nessus
        9. Metasploit
        10. Aircrack-ng
      3. Wardriving
      4. Hak5 Plunder Bug
      5. CATT
      6. Canary token links
    4. Summary
    5. LAB
      1. Google Hacking
        1. Part 1: Hacking personal information
        2. Part 2: Hacking Servers
    6. References
  7. Compromising the System
    1. Analyzing current trends
      1. Extortion attacks
      2. Data manipulation attacks
      3. IoT device attacks
      4. Backdoors
      5. Mobile device attacks
      6. Hacking everyday devices
      7. Hacking the cloud
      8. The appeal of cloud attacks
        1. Cloud Hacking Tools
      9. CloudTracker
        1. OWASP DevSlop Tool
      10. Cloud security recommendations
    2. Phishing
    3. Exploiting a vulnerability
      1. Hot Potato
    4. Zero-day
      1. WhatsApp vulnerability (CVE-2019-3568)
      2. Chrome zero-day vulnerability (CVE-2019-5786)
      3. Windows 10 Privilege escalation
      4. Windows privilege escalation vulnerability (CVE-2019-1132)
      5. Fuzzing
      6. Source code analysis
      7. Types of zero-day exploits
        1. Buffer overflows
        2. Structured exception handler overwrites
    5. Performing the steps to compromise a system
      1. Deploying payloads
        1. Installing and using a vulnerability scanner
        2. Using Metasploit
        3. Compromising operating systems
        4. Compromising a remote system
        5. Compromising web-based systems
    6. Mobile phone (iOS / Android attacks)
      1. Exodus
      2. SensorID
      3. iPhone hack by Cellebrite
      4. Man-in-the-disk
      5. Spearphone (loudspeaker data capture on Android)
      6. Tap n Ghost
      7. Red and Blue Team Tools for Mobile Devices
        1. Snoopdroid
        2. Androguard
        3. Frida
        4. Cycript
        5. iOS Implant Teardown
    7. Lab
      1. Building a Red Team PC in Windows
    8. Lab 2: Hack those websites (legally!)
      1. bWAPP
      2. HackThis!!
      3. OWASP Juice Shop Project
      4. Try2Hack
      5. Google Gruyere
      6. Damn Vulnerable Web Application (DVWA)
    9. Summary
    10. References
    11. Further reading
  8. Chasing a User's Identity
    1. Identity is the new perimeter
    2. Strategies for compromising a user's identity
      1. Gaining access to the network
      2. Harvesting credentials
      3. Hacking a user's identity
      4. Brute force
      5. Social engineering
      6. Pass the hash
      7. Identity theft through mobile devices
      8. Other methods for hacking an identity
    3. Summary
    4. References
  9. Lateral Movement
    1. Infiltration
    2. Network mapping
    3. Avoiding alerts
    4. Performing lateral movement
      1. Think like a Hacker
      2. Port scans
      3. Sysinternals
      4. File shares
      5. Windows DCOM
      6. Remote Desktop
      7. PowerShell
      8. Windows Management Instrumentation
      9. Scheduled tasks
      10. Token stealing
      11. Stolen credentials
      12. Removable media
      13. Tainted Shared Content
      14. Remote Registry
      15. TeamViewer
      16. Application deployment
      17. Network Sniffing
      18. ARP spoofing
      19. AppleScript and IPC (OS X)
      20. Breached host analysis
      21. Central administrator consoles
      22. Email pillaging
      23. Active Directory
      24. Admin shares
      25. Pass the ticket
      26. Pass the hash (PtH)
      27. Winlogon
      28. Lsass.exe Process
        1. Security Accounts Manager (SAM) database
        2. Domain Active Directory Database (NTDS.DIT)
        3. Credential Manager (CredMan) store
        4. PtH Mitigation Recommendations
    5. Lab
      1. Hunting Malware without antivirus
    6. Summary
    7. References
    8. Further reading
  10. Privilege Escalation
    1. Infiltration
      1. Horizontal Privilege Escalation
      2. Vertical Privilege Escalation
    2. Avoiding alerts
    3. Performing Privilege Escalation
      1. Exploiting unpatched operating systems
      2. Access token manipulation
      3. Exploiting accessibility features
      4. Application shimming
      5. Bypassing user account control
      6. DLL injection
      7. DLL search order hijacking
      8. Dylib hijacking
      9. Exploration of vulnerabilities
      10. Launch daemon
    4. Hands-on example of Privilege Escalation on a Windows target
    5. Privilege escalation techniques
      1. Dumping the SAM file
      2. Rooting Android
      3. Using the /etc/passwd file
      4. Extra window memory injection
      5. Hooking
      6. New services
      7. Scheduled tasks
    6. Windows Boot Sequence
      1. Startup items
        1. Startup 101
      2. Sudo caching
        1. Additional tools for privilege escalation
        2. 0xsp Mongoose v1.7
    7. Conclusion and lessons learned
    8. Summary
    9. Lab 1
    10. Lab 2
      1. Part 1 – Retrieving passwords from LSASS
      2. Part 2 – Dumping Hashes with PowerSploit
    11. Lab 3: HackTheBox
    12. References
  11. Security Policy
    1. Reviewing your security policy
    2. Educating the end user
      1. Social media security guidelines for users
      2. Security awareness training
    3. Policy enforcement
      1. Application whitelisting
      2. Hardening
    4. Monitoring for compliance
    5. Continuously driving security posture enhancement via security policy
    6. Summary
    7. References
  12. Network Segmentation
    1. The defense in depth approach
      1. Infrastructure and services
      2. Documents in transit
      3. Endpoints
    2. Physical network segmentation
      1. Discovering your network
    3. Securing remote access to the network
      1. Site-to-site VPN
    4. Virtual network segmentation
    5. Zero trust network
      1. Planning zero trust network adoption
    6. Hybrid cloud network security
      1. Cloud network visibility
    7. Summary
    8. References
  13. Active Sensors
    1. Detection capabilities
      1. Indicators of compromise
    2. Intrusion detection systems
    3. Intrusion prevention system
      1. Rule-based detection
      2. Anomaly-based detection
    4. Behavior analytics on-premises
      1. Device placement
    5. Behavior analytics in a hybrid cloud
      1. Azure Security Center
      2. Analytics for PaaS workloads
    6. Summary
    7. References
  14. Threat Intelligence
    1. Introduction to threat intelligence
    2. Open source tools for threat intelligence
      1. Free threat intelligence feeds
    3. Microsoft threat intelligence
      1. Azure Sentinel
    4. Leveraging threat intelligence to investigate suspicious activity
    5. Summary
    6. References
  15. Investigating an Incident
    1. Scoping the issue
      1. Key artifacts
    2. Investigating a compromised system on-premises
    3. Investigating a compromised system in a hybrid cloud
      1. Integrating Azure Security Center with your SIEM for Investigation
    4. Proactive investigation (threat hunting)
    5. Lessons learned
    6. Summary
    7. References
  16. Recovery Process
    1. Disaster recovery plan
      1. The disaster recovery planning process
        1. Forming a disaster recovery team
        2. Performing risk assessment
        3. Prioritizing processes and operations
        4. Determining recovery strategies
        5. Collecting data
        6. Creating the DR plan
        7. Testing the plan
        8. Obtaining approval
        9. Maintaining the plan
      2. Challenges
    2. Contingency planning
      1. IT contingency planning process
        1. Development of the contingency planning policy
        2. Conducting business impact analysis
        3. Identifying the preventive controls
        4. Business continuity vs Disaster recovery
        5. Developing recovery strategies
    3. Live recovery
      1. Plan maintenance
      2. Cyber Incident Recovery Examples from the field
      3. Risk management tools
        1. RiskNAV
        2. IT Risk Management App
    4. Best practices for recovery planning
    5. Disaster recovery best practices
      1. On-Premises
        1. On the cloud
        2. Hybrid
        3. Cyber-resilient recommendations
    6. Summary
    7. Resources for DR Planning
    8. References
    9. Further reading
  17. Vulnerability Management
    1. Creating a vulnerability management strategy
      1. Asset inventory
      2. Information management
      3. Risk assessment
        1. Scope
        2. Collecting data
        3. Analysis of policies and procedures
        4. Vulnerability analysis
        5. Threat analysis
        6. Analysis of acceptable risks
      4. Vulnerability assessment
      5. Reporting and remediation tracking
      6. Response planning
    2. Vulnerability management tools
      1. Asset inventory tools
        1. Peregrine tools
        2. LANDesk Management Suite
        3. StillSecure
        4. McAfee's Enterprise
      2. Information management tools
      3. Risk assessment tools
      4. Vulnerability assessment tools
      5. Reporting and remediation tracking tools
      6. Response planning tools
    3. Implementation of vulnerability management
    4. Best practices for vulnerability management
    5. Vulnerability management tools
      1. Intruder
      2. Patch Manager Plus
      3. InsightVM
      4. Azure Threat & Vulnerability Management
    6. Implementing vulnerability management with Nessus
      1. OpenVAS
      2. Qualys
      3. Acunetix
    7. LABS
      1. Lab 1: Performing an online vulnerability scan with Acunetix
      2. Lab 2: Network security scan with GFI LanGuard
    8. Summary
    9. References
  18. Log Analysis
    1. Data correlation
    2. Operating system logs
      1. Windows logs
      2. Linux logs
    3. Firewall logs
    4. Web server logs
    5. Amazon Web Services (AWS) logs
      1. Accessing AWS logs from Azure Sentinel
    6. Azure Activity logs
      1. Accessing Azure Activity logs from Azure Sentinel
    7. Summary
    8. References
  19. Other Books You May Enjoy
  20. Index

Product information

  • Title: Cybersecurity – Attack and Defense Strategies - Second Edition
  • Author(s): Yuri Diogenes, Erdal Ozkaya
  • Release date: December 2019
  • Publisher(s): Packt Publishing
  • ISBN: 9781838827793