Cybersecurity Ops with bash

Cybersecurity Ops with bash

by Paul Troncone, Carl Albing
Released April 2019
Publisher(s): O'Reilly Media, Inc.
ISBN: 9781492041313

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to live online training experiences, plus books, videos, and digital content from O’Reilly and nearly 200 trusted publishing partners.

Buy on Amazon Buy on ebooks.com
Start your free trial

Book description

If you hope to outmaneuver threat actors, speed and efficiency need to be key components of your cybersecurity operations. Mastery of the standard command-line interface (CLI) is an invaluable skill in times of crisis because no other software application can match the CLI’s availability, flexibility, and agility. This practical guide shows you how to use the CLI with the bash shell to perform tasks such as data collection and analysis, intrusion detection, reverse engineering, and administration.

Authors Paul Troncone, founder of Digadel Corporation, and Carl Albing, coauthor of bash Cookbook (O’Reilly), provide insight into command-line tools and techniques to help defensive operators collect data, analyze logs, and monitor networks. Penetration testers will learn how to leverage the enormous amount of functionality built into nearly every version of Linux to enable offensive operations.

In four parts, security practitioners, administrators, and students will examine:

  • Foundations: Principles of defense and offense, command-line and bash basics, and regular expressions
  • Defensive security operations: Data collection and analysis, real-time log monitoring, and malware analysis
  • Penetration testing: Script obfuscation and tools for command-line fuzzing and remote access
  • Security administration: Users, groups, and permissions; device and software inventory

Publisher resources

View/Submit Errata

Table of contents

  1. Preface
    1. Who This Book Is For
    2. Bash or bash
    3. Script Robustness
    4. Workshops
    5. Conventions Used in This Book
    6. Using Code Examples
    7. O’Reilly Online Learning
    8. How to Contact Us
    9. Acknowledgments
    10. Disclaimer
  2. I. Foundations
  3. 1. Command-Line Primer
    1. The Command Line Defined
    2. Why bash?
    3. Command-Line Illustrations
    4. Running Linux and bash on Windows
      1. Git Bash
      2. Cygwin
      3. Windows Subsystem for Linux
      4. Windows Command Prompt and PowerShell
    5. Command-Line Basics
      1. Commands, Arguments, Built-ins, and Keywords
      2. Standard Input/Output/Error
      3. Redirection and Piping
      4. Running Commands in the Background
      5. From Command Line to Script
    6. Summary
    7. Workshop
  4. 2. Bash Primer
    1. Output
    2. Variables
      1. Positional Parameters
    3. Input
    4. Conditionals
    5. Looping
    6. Functions
      1. Function Arguments
      2. Returning Values
    7. Pattern Matching in bash
    8. Writing Your First Script—Detecting Operating System Type
    9. Summary
    10. Workshop
  5. 3. Regular Expressions Primer
    1. Commands in Use
      1. grep
      2. grep and egrep
    2. Regular Expression Metacharacters
      1. The “.” Metacharacter
      2. The “?” Metacharacter
      3. The “*” Metacharacter
      4. The “+” Metacharacter
      5. Grouping
      6. Brackets and Character Classes
      7. Back References
      8. Quantifiers
      9. Anchors and Word Boundaries
    3. Summary
    4. Workshop
  6. 4. Principles of Defense and Offense
    1. Cybersecurity
      1. Confidentiality
      2. Integrity
      3. Availability
      4. Nonrepudiation
      5. Authentication
    2. The Attack Life Cycle
      1. Reconnaissance
      2. Initial Exploitation
      3. Establish Foothold
      4. Escalate Privileges
      5. Internal Reconnaissance
      6. Lateral Movement
      7. Maintain Presence
      8. Complete Mission
    3. Summary
  7. II. Defensive Security Operations with bash
  8. 5. Data Collection
    1. Commands in Use
      1. cut
      2. file
      3. head
      4. reg
      5. wevtutil
    2. Gathering System Information
      1. Executing a Command Remotely Using SSH
      2. Gathering Linux Logfiles
      3. Gathering Windows Logfiles
      4. Gathering System Information
      5. Gathering the Windows Registry
    3. Searching the Filesystem
      1. Searching by Filename
      2. Searching for Hidden Files
      3. Searching by File Size
      4. Searching by Time
      5. Searching for Content
      6. Searching by File Type
      7. Searching by Message Digest Value
    4. Transferring Data
    5. Summary
    6. Workshop
  9. 6. Data Processing
    1. Commands in Use
      1. awk
      2. join
      3. sed
      4. tail
      5. tr
    2. Processing Delimited Files
      1. Iterating Through Delimited Data
      2. Processing by Character Position
    3. Processing XML
    4. Processing JSON
    5. Aggregating Data
    6. Summary
    7. Workshop
  10. 7. Data Analysis
    1. Commands in Use
      1. sort
      2. uniq
    2. Web Server Access Log Familiarization
    3. Sorting and Arranging Data
    4. Counting Occurrences in Data
    5. Totaling Numbers in Data
    6. Displaying Data in a Histogram
    7. Finding Uniqueness in Data
    8. Identifying Anomalies in Data
    9. Summary
    10. Workshop
  11. 8. Real-Time Log Monitoring
    1. Monitoring Text Logs
      1. Log-Based Intrusion Detection
    2. Monitoring Windows Logs
    3. Generating a Real-Time Histogram
    4. Summary
    5. Workshop
  12. 9. Tool: Network Monitor
    1. Commands in Use
      1. crontab
      2. schtasks
    2. Step 1: Creating a Port Scanner
    3. Step 2: Comparing to Previous Output
    4. Step 3: Automation and Notification
      1. Scheduling a Task in Linux
      2. Scheduling a Task in Windows
    5. Summary
    6. Workshop
  13. 10. Tool: Filesystem Monitor
    1. Commands in Use
      1. sdiff
    2. Step 1: Baselining the Filesystem
    3. Step 2: Detecting Changes to the Baseline
    4. Step 3: Automation and Notification
    5. Summary
    6. Workshop
  14. 11. Malware Analysis
    1. Commands in Use
      1. curl
      2. vi
      3. xxd
    2. Reverse Engineering
      1. Hexadecimal, Decimal, Binary, and ASCII Conversions
      2. Analyzing with xxd
    3. Extracting Strings
    4. Interfacing with VirusTotal
      1. Searching the Database by Hash Value
      2. Scanning a File
      3. Scanning URLs, Domains, and IP Addresses
    5. Summary
    6. Workshop
  15. 12. Formatting and Reporting
    1. Commands in Use
      1. tput
    2. Formatting for Display and Print with HTML
    3. Creating a Dashboard
    4. Summary
    5. Workshop
  16. III. Penetration Testing with bash
  17. 13. Reconnaissance
    1. Commands in Use
      1. ftp
    2. Crawling Websites
    3. Automated Banner Grabbing
    4. Summary
    5. Workshop
  18. 14. Script Obfuscation
    1. Commands in Use
      1. base64
      2. eval
    2. Obfuscating Syntax
    3. Obfuscating Logic
    4. Encrypting
      1. Cryptography Primer
      2. Encrypting the Script
      3. Creating the Wrapper
      4. Creating Your Own Crypto
    5. Summary
    6. Workshop
  19. 15. Tool: Command-Line Fuzzer
    1. Implementation
    2. Summary
    3. Workshop
  20. 16. Establishing a Foothold
    1. Commands in Use
      1. nc
    2. Single-Line Backdoors
      1. Reverse SSH
      2. Bash Backdoor
    3. Custom Remote-Access Tool
      1. Implementation
    4. Summary
    5. Workshop
  21. IV. Security Administration with bash
  22. 17. Users, Groups, and Permissions
    1. Commands in Use
      1. chmod
      2. chown
      3. getfacl
      4. groupadd
      5. setfacl
      6. useradd
      7. usermod
      8. icacls
      9. net
    2. Users and Groups
      1. Creating Linux Users and Groups
      2. Creating Windows Users and Groups
    3. File Permissions and Access Control Lists
      1. Linux File Permissions
      2. Windows File Permissions
    4. Making Bulk Changes
    5. Summary
    6. Workshop
  23. 18. Writing Log Entries
    1. Commands in Use
      1. eventcreate
      2. logger
    2. Writing Windows Logs
    3. Writing Linux Logs
    4. Summary
    5. Workshop
  24. 19. Tool: System Availability Monitor
    1. Commands in Use
      1. ping
    2. Implementation
    3. Summary
    4. Workshop
  25. 20. Tool: Software Inventory
    1. Commands in Use
      1. apt
      2. dpkg
      3. wmic
      4. yum
    2. Implementation
    3. Identifying Other Software
    4. Summary
    5. Workshop
  26. 21. Tool: Validating Configuration
    1. Implementation
    2. Summary
    3. Workshop
  27. 22. Tool: Account Auditing
    1. Have I Been Pwned?
    2. Checking for a Breached Password
    3. Checking for a Breached Email Address
      1. Batch-Processing Emails
    4. Summary
    5. Workshop
  28. 23. Conclusion
  29. Index

Product information

  • Title: Cybersecurity Ops with bash
  • Author(s): Paul Troncone, Carl Albing
  • Release date: April 2019
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781492041313