book

Cybersecurity Ops with bash

by Paul Troncone, Carl Albing

April 2019

Intermediate to advanced

303 pages

6h 16m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
Who This Book Is ForBash or bashScript RobustnessWorkshopsConventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgmentsDisclaimer
I. Foundations
1. Command-Line Primer
The Command Line DefinedWhy bash?Command-Line IllustrationsRunning Linux and bash on WindowsGit BashCygwinWindows Subsystem for LinuxWindows Command Prompt and PowerShellCommand-Line BasicsCommands, Arguments, Built-ins, and KeywordsStandard Input/Output/ErrorRedirection and PipingRunning Commands in the BackgroundFrom Command Line to ScriptSummaryWorkshop
2. Bash Primer
OutputVariablesPositional ParametersInputConditionalsLoopingFunctionsFunction ArgumentsReturning ValuesPattern Matching in bashWriting Your First Script—Detecting Operating System TypeSummaryWorkshop
3. Regular Expressions Primer
Commands in Usegrepgrep and egrepRegular Expression MetacharactersThe “.” MetacharacterThe “?” MetacharacterThe “*” MetacharacterThe “+” MetacharacterGroupingBrackets and Character ClassesBack ReferencesQuantifiersAnchors and Word BoundariesSummaryWorkshop
4. Principles of Defense and Offense
CybersecurityConfidentialityIntegrityAvailabilityNonrepudiationAuthenticationThe Attack Life CycleReconnaissanceInitial ExploitationEstablish FootholdEscalate PrivilegesInternal ReconnaissanceLateral MovementMaintain PresenceComplete MissionSummary
II. Defensive Security Operations with bash
5. Data Collection
Commands in UsecutfileheadregwevtutilGathering System InformationExecuting a Command Remotely Using SSHGathering Linux LogfilesGathering Windows LogfilesGathering System InformationGathering the Windows RegistrySearching the FilesystemSearching by FilenameSearching for Hidden FilesSearching by File SizeSearching by TimeSearching for ContentSearching by File TypeSearching by Message Digest ValueTransferring DataSummaryWorkshop
6. Data Processing
Commands in UseawkjoinsedtailtrProcessing Delimited FilesIterating Through Delimited DataProcessing by Character PositionProcessing XMLProcessing JSONAggregating DataSummaryWorkshop
7. Data Analysis
Commands in UsesortuniqWeb Server Access Log FamiliarizationSorting and Arranging DataCounting Occurrences in DataTotaling Numbers in DataDisplaying Data in a HistogramFinding Uniqueness in DataIdentifying Anomalies in DataSummaryWorkshop

8. Real-Time Log Monitoring
Monitoring Text LogsLog-Based Intrusion DetectionMonitoring Windows LogsGenerating a Real-Time HistogramSummaryWorkshop
9. Tool: Network Monitor
Commands in UsecrontabschtasksStep 1: Creating a Port ScannerStep 2: Comparing to Previous OutputStep 3: Automation and NotificationScheduling a Task in LinuxScheduling a Task in WindowsSummaryWorkshop
10. Tool: Filesystem Monitor
Commands in UsesdiffStep 1: Baselining the FilesystemStep 2: Detecting Changes to the BaselineStep 3: Automation and NotificationSummaryWorkshop
11. Malware Analysis
Commands in UsecurlvixxdReverse EngineeringHexadecimal, Decimal, Binary, and ASCII ConversionsAnalyzing with xxdExtracting StringsInterfacing with VirusTotalSearching the Database by Hash ValueScanning a FileScanning URLs, Domains, and IP AddressesSummaryWorkshop
12. Formatting and Reporting
Commands in UsetputFormatting for Display and Print with HTMLCreating a DashboardSummaryWorkshop
III. Penetration Testing with bash
13. Reconnaissance
Commands in UseftpCrawling WebsitesAutomated Banner GrabbingSummaryWorkshop
14. Script Obfuscation
Commands in Usebase64evalObfuscating SyntaxObfuscating LogicEncryptingCryptography PrimerEncrypting the ScriptCreating the WrapperCreating Your Own CryptoSummaryWorkshop
15. Tool: Command-Line Fuzzer
ImplementationSummaryWorkshop
16. Establishing a Foothold
Commands in UsencSingle-Line BackdoorsReverse SSHBash BackdoorCustom Remote-Access ToolImplementationSummaryWorkshop
IV. Security Administration with bash
17. Users, Groups, and Permissions
Commands in UsechmodchowngetfaclgroupaddsetfacluseraddusermodicaclsnetUsers and GroupsCreating Linux Users and GroupsCreating Windows Users and GroupsFile Permissions and Access Control ListsLinux File PermissionsWindows File PermissionsMaking Bulk ChangesSummaryWorkshop
18. Writing Log Entries
Commands in UseeventcreateloggerWriting Windows LogsWriting Linux LogsSummaryWorkshop
19. Tool: System Availability Monitor
Commands in UsepingImplementationSummaryWorkshop
20. Tool: Software Inventory
Commands in UseaptdpkgwmicyumImplementationIdentifying Other SoftwareSummaryWorkshop
21. Tool: Validating Configuration
ImplementationSummaryWorkshop
22. Tool: Account Auditing
Have I Been Pwned?Checking for a Breached PasswordChecking for a Breached Email AddressBatch-Processing EmailsSummaryWorkshop
23. Conclusion
Index

Content preview from Cybersecurity Ops with bash

Chapter 11. Malware Analysis

Detecting the presence of malicious code is one of the most fundamental and challenging activities in cybersecurity operations. You have two main options when analyzing a piece of code: static and dynamic. During static analysis you analyze the code itself to determine whether indicators of malicious activity exist. During dynamic analysis, you execute the code and then look at its behavior and impact on a system to determine its functionality. In this chapter, we focus on static analysis techniques.

Warning

When dealing with potentially malicious files, be sure to perform any analysis on a system that is not connected to a network and does not contain any sensitive information. Afterward, assume that the system has been infected, and completely wipe and reimage the system before introducing it back into your network.

Commands in Use

In this chapter, we introduce curl to interact with websites, vi to edit files, and xxd to perform base conversions and file analysis.

curl

The curl command can be used to transfer data over a network between a client and a server. It supports multiple protocols, including HTTP, HTTPS, FTP, SFTP, and Telnet. curl is extremely versatile. The command options presented next represent only a small fraction of the capabilities available. For more information, be sure to check out the Linux man page for curl.

Common command options

-A: Specify the HTTP user agent string to send to the server
-d: Data to send with an HTTP ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781492041306Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Cybersecurity Ops with bash

by Paul Troncone, Carl Albing

Chapter 11. Malware Analysis

Warning

Commands in Use