Cybersecurity: Attack and Defense Strategies. Infrastructure security with Red Team and Blue Team tactics

Enhance your organization's security posture by improving your attack and defense strategies.

About This Book: Gain a clear understanding of the attack methods and patterns to recognize abnormal behavior within your organization with Blue Team tactics. Learn unique techniques to gather exploita...
| Other authors: | |
|---|---|
| Format: | E-book |
| Language: | English |
| Published: | Birmingham, England ; Mumbai, [India] : Packt, 2018. |
| Edition: | 1st edition |
| Subjects: | |
| View in Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009631624406719 |

Table of contents:
- Cover
- Copyright and Credits
- Packt Upsell
- Contributors
- Table of Contents
- Preface
- Chapter 1: Security Posture
- The current threat landscape
- The credentials - authentication and authorization
- Apps
- Data
- Cybersecurity challenges
- Old techniques and broader results
- The shift in the threat landscape
- Enhancing your security posture
- The Red and Blue Team
- Assume breach
- References
- Summary
- Chapter 2: Incident Response Process
- Incident response process
- Reasons to have an IR process in place
- Creating an incident response process
- Incident response team
- Incident life cycle
- Handling an incident
- Best practices to optimize incident handling
- Post-incident activity
- Real-world scenario
- Lessons learned
- Incident response in the cloud
- Updating your IR process to include cloud
- References
- Summary
- Chapter 3: Understanding the Cybersecurity Kill Chain
- External reconnaissance
- Scanning
- NMap
- Metasploit
- John the Ripper
- THC Hydra
- Wireshark
- Aircrack-ng
- Nikto
- Kismet
- Cain and Abel
- Access and privilege escalation
- Vertical privilege escalation
- Horizontal privilege escalation
- Exfiltration
- Sustainment
- Assault
- Obfuscation
- Threat life cycle management
- References
- Summary
- Chapter 4: Reconnaissance
- External reconnaissance
- Dumpster diving
- Social media
- Social engineering
- Pretexting
- Diversion theft
- Phishing
- Phone phishing (vishing)
- Spear phishing
- Water holing
- Baiting
- Quid pro quo
- Tailgating
- Internal reconnaissance
- Sniffing and scanning
- Prismdump
- tcpdump
- NMap
- Wireshark
- Scanrand
- Cain and Abel
- Nessus
- Metasploit
- Aircrack-ng
- Wardriving
- Conclusion of the reconnaissance chapter
- References
- Summary
- Chapter 5: Compromising the System
- Analyzing current trends
- Extortion attacks
- Data manipulation attacks
- IoT device attacks
- Backdoors
- Mobile device attacks
- Hacking everyday devices
- Hacking the cloud
- Phishing
- Exploiting a vulnerability
- Zero-day
- Fuzzing
- Source code analysis
- Types of zero-day exploits
- Buffer overflows
- Structured exception handler overwrites
- Performing the steps to compromise a system
- Deploying payloads
- Installing and using a vulnerability scanner
- Using Metasploit
- Compromising operating systems
- Compromising systems using Kon-Boot or Hiren's BootCD
- Compromising systems using a Linux Live CD
- Compromising systems using preinstalled applications
- Compromising systems using Ophcrack
- Compromising a remote system
- Compromising web-based systems
- SQL injection
- Cross-site scripting
- Broken authentication
- DDoS attacks
- References
- Summary
- Chapter 6: Chasing a User's Identity
- Identity is the new perimeter
- Strategies for compromising a user's identity
- Gaining access to the network
- Harvesting credentials
- Hacking a user's identity
- Brute force
- Social engineering
- Pass the hash
- Other methods to hack identity
- References
- Summary
- Chapter 7: Lateral Movement
- Infiltration
- Network mapping
- Avoiding alerts
- Performing lateral movement
- Port scans
- Sysinternals
- File shares
- Remote Desktop
- PowerShell
- Windows Management Instrumentation
- Scheduled tasks
- Token stealing
- Pass-the-hash
- Active Directory
- Remote Registry
- Breached host analysis
- Central administrator consoles
- Email pillaging
- References
- Summary
- Chapter 8: Privilege Escalation
- Infiltration
- Horizontal privilege escalation
- Vertical privilege escalation
- Avoiding alerts
- Performing privilege escalation
- Exploiting unpatched operating systems
- Access token manipulation
- Exploiting accessibility features
- Application shimming
- Bypassing user account control
- DLL injection
- DLL search order hijacking
- Dylib hijacking
- Exploration of vulnerabilities
- Launch daemon
- Hands-on example of privilege escalation on a Windows 8 target
- Conclusion and lessons learned
- References
- Summary
- Chapter 9: Security Policy
- Reviewing your security policy
- Educating the end user
- Social media security guidelines for users
- Security awareness training
- Policy enforcement
- Application whitelisting
- Hardening
- Monitoring for compliance
- References
- Summary
- Chapter 10: Network Segmentation
- Defense in depth approach
- Infrastructure and services
- Documents in transit
- Endpoints
- Physical network segmentation
- Discovering your network
- Securing remote access to the network
- Site-to-site VPN
- Virtual network segmentation
- Hybrid cloud network security
- References
- Summary
- Chapter 11: Active Sensors
- Detection capabilities
- Indicators of compromise
- Intrusion detection systems
- Intrusion prevention system
- Rule-based detection
- Anomaly-based detection
- Behavior analytics on-premises
- Device placement
- Behavior analytics in a hybrid cloud
- Azure Security Center
- References
- Summary
- Chapter 12: Threat Intelligence
- Introduction to threat intelligence
- Open source tools for threat intelligence
- Microsoft threat intelligence
- Azure Security Center
- Leveraging threat intelligence to investigate suspicious activity
- References
- Summary
- Chapter 13: Investigating an Incident
- Scoping the issue
- Key artifacts
- Investigating a compromised system on-premises
- Investigating a compromised system in a hybrid cloud
- Search and you shall find it
- Lessons learned
- References
- Summary
- Chapter 14: Recovery Process
- Disaster recovery plan
- The disaster recovery planning process
- Forming a disaster recovery team
- Performing risk assessment
- Prioritizing processes and operations
- Determining recovery strategies
- Collecting data
- Creating the disaster recovery plan
- Testing the plan
- Obtaining approval
- Maintaining the plan
- Challenges
- Live recovery
- Contingency planning
- IT contingency planning process
- Development of the contingency planning policy
- Conducting business impact analysis
- Identifying the critical IT resources
- Identifying disruption impacts
- Developing recovery priorities
- Identifying the preventive controls
- Developing recovery strategies
- Backups
- Alternative sites
- Equipment replacement
- Plan testing, training, and exercising
- Plan maintenance
- Best practices for recovery
- References
- Summary
- Chapter 15: Vulnerability Management
- Creating a vulnerability management strategy
- Asset inventory
- Information management
- Risk assessment
- Scope
- Collecting data
- Analysis of policies and procedures
- Vulnerability analysis
- Threat analysis
- Analysis of acceptable risks
- Vulnerability assessment
- Reporting and remediation tracking
- Response planning
- Vulnerability management tools
- Asset inventory tools
- Peregrine tools
- LANDesk Management Suite
- StillSecure
- Foundstone's Enterprise
- Information management tools
- Risk assessment tools
- Vulnerability assessment tools
- Reporting and remediation tracking tools
- Response planning tools
- Implementation of vulnerability management
- Best practices for vulnerability management
- Implementing vulnerability management with Nessus
- Flexera (Secunia) Personal Software Inspector
- Conclusion
- References
- Summary
- Chapter 16: Log Analysis
- Data correlation
- Operating system logs
- Windows logs
- Linux logs
- Firewall logs
- Web server logs
- References
- Summary
- Other Books You May Enjoy
- Index