Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Cybersecurity - Attack and Defense Strategies
  • Table Of Contents Toc
  • Feedback & Rating feedback
Cybersecurity - Attack and Defense Strategies

Cybersecurity - Attack and Defense Strategies

By : Yuri Diogenes, Dr. Erdal Ozkaya
4.7 (33)
Buy this Book
close
close
Cybersecurity - Attack and Defense Strategies

Cybersecurity - Attack and Defense Strategies

4.7 (33)
By: Yuri Diogenes, Dr. Erdal Ozkaya
Buy this Book

Overview of this book

The book will start talking about the security posture before moving to Red Team tactics, where you will learn the basic syntax for the Windows and Linux tools that are commonly used to perform the necessary operations. You will also gain hands-on experience of using new Red Team techniques with powerful tools such as python and PowerShell, which will enable you to discover vulnerabilities in your system and how to exploit them. Moving on, you will learn how a system is usually compromised by adversaries, and how they hack user's identity, and the various tools used by the Red Team to find vulnerabilities in a system. In the next section, you will learn about the defense strategies followed by the Blue Team to enhance the overall security of a system. You will also learn about an in-depth strategy to ensure that there are security controls in each network layer, and how you can carry out the recovery process of a compromised system. Finally, you will learn how to create a vulnerability management strategy and the different techniques for manual log analysis.
Table of Contents (18 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Free Chapter
1
Security Posture
Icon
Security Posture
Icon
The current threat landscape
Icon
Cybersecurity challenges
Icon
Enhancing your security posture
Icon
The Red and Blue Team
Icon
References
Icon
Summary
2
Incident Response Process
Icon
Incident Response Process
Icon
Incident response process
Icon
Handling an incident
Icon
Post-incident activity
Icon
Incident response in the cloud
Icon
References
Icon
Summary
3
Understanding the Cybersecurity Kill Chain
Icon
Understanding the Cybersecurity Kill Chain
Icon
External reconnaissance
Icon
Access and privilege escalation
Icon
Exfiltration
Icon
Sustainment
Icon
Assault
Icon
Obfuscation
Icon
Threat life cycle management
Icon
References
Icon
Summary
4
Reconnaissance
Icon
Reconnaissance
Icon
External reconnaissance
Icon
Internal reconnaissance
Icon
Conclusion of the reconnaissance chapter
Icon
References
Icon
Summary
5
Compromising the System
Icon
Compromising the System
Icon
Analyzing current trends
Icon
Phishing
Icon
Exploiting a vulnerability
Icon
Zero-day
Icon
Performing the steps to compromise a system
Icon
References
Icon
Summary
6
Chasing a User's Identity
Icon
Chasing a User's Identity
Icon
Identity is the new perimeter
Icon
Strategies for compromising a user's identity
Icon
Hacking a user's identity
Icon
References
Icon
Summary
7
Lateral Movement
Icon
Lateral Movement
Icon
Infiltration
Icon
Performing lateral movement
Icon
References
Icon
Summary
8
Privilege Escalation
Icon
Privilege Escalation
Icon
Infiltration
Icon
Avoiding alerts
Icon
Performing privilege escalation
Icon
Conclusion and lessons learned
Icon
References
Icon
Summary
9
Security Policy
Icon
Security Policy
Icon
Reviewing your security policy
Icon
Educating the end user
Icon
Policy enforcement
Icon
Monitoring for compliance
Icon
References
Icon
Summary
10
Network Segmentation
Icon
Network Segmentation
Icon
Defense in depth approach
Icon
Physical network segmentation
Icon
Securing remote access to the network
Icon
Virtual network segmentation
Icon
Hybrid cloud network security
Icon
References
Icon
Summary
11
Active Sensors
Icon
Active Sensors
Icon
Detection capabilities
Icon
Intrusion detection systems
Icon
Intrusion prevention system
Icon
Behavior analytics on-premises
Icon
Behavior analytics in a hybrid cloud
Icon
References
Icon
Summary
12
Threat Intelligence
Icon
Threat Intelligence
Icon
Introduction to threat intelligence
Icon
Open source tools for threat intelligence
Icon
Microsoft threat intelligence
Icon
Leveraging threat intelligence to investigate suspicious activity
Icon
References
Icon
Summary
13
Investigating an Incident
chevron up
Icon
Investigating an Incident
Icon
Scoping the issue
Icon
Investigating a compromised system on-premises
Icon
Investigating a compromised system in a hybrid cloud
Icon
Lessons learned
Icon
References
Icon
Summary
14
Recovery Process
Icon
Recovery Process
Icon
Disaster recovery plan
Icon
Live recovery
Icon
Contingency planning
Icon
Best practices for recovery
Icon
References
Icon
Summary
15
Vulnerability Management
Icon
Vulnerability Management
Icon
Creating a vulnerability management strategy
Icon
Implementation of vulnerability management
Icon
Best practices for vulnerability management
Icon
Implementing vulnerability management with Nessus
Icon
Flexera (Secunia) Personal Software Inspector
Icon
Conclusion
Icon
References
Icon
Summary
16
Log Analysis
Icon
Log Analysis
Icon
Data correlation
Icon
Operating system logs
Icon
Firewall logs
Icon
Web server logs
Icon
References
Icon
Summary
17
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Investigating a compromised system in a hybrid cloud

For this hybrid scenario, the compromised system will be located on-premises and the company has a cloud-based monitoring system, which for the purpose of this example will be Azure Security Center. To show how a hybrid cloud scenario can be similar to an on-premises online scenario, we will use the same case that was used before. Again, a user received a phishing email, clicked on the hyperlink, and got compromised. The difference now is that there is an active sensor monitoring the system, which will trigger an alert to SecOps, and the user will be contacted. The users don't need to wait days to realize they were compromised; the response is faster and more accurate.

The SecOps engineer has access to the Security Center dashboard and, when an alert is created, it shows the NEW flag besides the alert name. The SecOps engineer...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 4
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY