Sign In Start Free Trial

Cybersecurity - Attack and Defense Strategies

By : Yuri Diogenes, Dr. Erdal Ozkaya

4.7 (33)

Buy this Book

Cybersecurity - Attack and Defense Strategies

4.7 (33)

By: Yuri Diogenes, Dr. Erdal Ozkaya

Buy this Book

Overview of this book

The book will start talking about the security posture before moving to Red Team tactics, where you will learn the basic syntax for the Windows and Linux tools that are commonly used to perform the necessary operations. You will also gain hands-on experience of using new Red Team techniques with powerful tools such as python and PowerShell, which will enable you to discover vulnerabilities in your system and how to exploit them. Moving on, you will learn how a system is usually compromised by adversaries, and how they hack user's identity, and the various tools used by the Red Team to find vulnerabilities in a system. In the next section, you will learn about the defense strategies followed by the Blue Team to enhance the overall security of a system. You will also learn about an in-depth strategy to ensure that there are security controls in each network layer, and how you can carry out the recovery process of a compromised system. Finally, you will learn how to create a vulnerability management strategy and the different techniques for manual log analysis.

Preface

Preface

Who this book is for

What this book covers

To get the most out of this book

Get in touch

Free Chapter

Security Posture

Security Posture

The current threat landscape

Cybersecurity challenges

Enhancing your security posture

The Red and Blue Team

References

Summary

Incident Response Process

Incident Response Process

Incident response process

Handling an incident

Post-incident activity

Incident response in the cloud

References

Summary

Understanding the Cybersecurity Kill Chain

Understanding the Cybersecurity Kill Chain

External reconnaissance

Access and privilege escalation

Exfiltration

Sustainment

Assault

Obfuscation

Threat life cycle management

References

Summary

Reconnaissance

Reconnaissance

External reconnaissance

Internal reconnaissance

Conclusion of the reconnaissance chapter

References

Summary

Compromising the System

Compromising the System

Analyzing current trends

Phishing

Exploiting a vulnerability

Zero-day

Performing the steps to compromise a system

References

Summary

Chasing a User's Identity

Chasing a User's Identity

Identity is the new perimeter

Strategies for compromising a user's identity

Hacking a user's identity

References

Summary

Lateral Movement

Lateral Movement

Infiltration

Performing lateral movement

References

Summary

Privilege Escalation

Privilege Escalation

Infiltration

Avoiding alerts

Performing privilege escalation

Conclusion and lessons learned

References

Summary

Security Policy

Security Policy

Reviewing your security policy

Educating the end user

Policy enforcement

Monitoring for compliance

References

Summary

Network Segmentation

Network Segmentation

Defense in depth approach

Physical network segmentation

Securing remote access to the network

Virtual network segmentation

Hybrid cloud network security

References

Summary

Active Sensors

Active Sensors

Detection capabilities

Intrusion detection systems

Intrusion prevention system

Behavior analytics on-premises

Behavior analytics in a hybrid cloud

References

Summary

Threat Intelligence

Threat Intelligence

Introduction to threat intelligence

Open source tools for threat intelligence

Microsoft threat intelligence

Leveraging threat intelligence to investigate suspicious activity

References

Summary

Investigating an Incident

Investigating an Incident

Scoping the issue

Investigating a compromised system on-premises

Investigating a compromised system in a hybrid cloud

Lessons learned

References

Summary

Recovery Process

Recovery Process

Disaster recovery plan

Live recovery

Contingency planning

Best practices for recovery

References

Summary

Vulnerability Management

Vulnerability Management

Creating a vulnerability management strategy

Implementation of vulnerability management

Best practices for vulnerability management

Implementing vulnerability management with Nessus

Flexera (Secunia) Personal Software Inspector

Conclusion

References

Summary

Log Analysis

Log Analysis

Data correlation

Operating system logs

Firewall logs

Web server logs

References

Summary

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

4.7 (33)

5 star

81.8%

4 star

12.1%

3 star

0

2 star

3%

1 star

3%

References

Microsoft Lean on the Machine Report http://download.microsoft.com/download/3/4/0/3409C40C-2E1C-4A55-BD5B-51F5E1164E20/Microsoft_Lean_on_the_Machine_EN_US.pdf
Wanna Decryptor (WNCRY) Ransomware Explained https://blog.rapid7.com/2017/05/12/wanna-decryptor-wncry-ransomware-explained/
A Technical Analysis of WannaCry Ransomware https://logrhythm.com/blog/a-technical-analysis-of-wannacry-ransomware/
New ransomware, old techniques: Petya adds worm capabilities https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/
DUQU Uses STUXNET-Like Techniques to Conduct Information Theft https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/90/duqu-uses-stuxnetlike-techniques-to-conduct-information-theft
Open Source Threat Intelligence https://www.sans.org/summit-archives/file/summit-archive-1493741141.pdf

...

Search

Your notes and bookmarks