Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Cybersecurity - Attack and Defense Strategies
  • Toc
  • feedback
Cybersecurity - Attack and Defense Strategies

Cybersecurity - Attack and Defense Strategies

By : Yuri Diogenes, Dr. Erdal Ozkaya
4.7 (33)
close
Cybersecurity - Attack and Defense Strategies

Cybersecurity - Attack and Defense Strategies

4.7 (33)
By: Yuri Diogenes, Dr. Erdal Ozkaya

Overview of this book

The book will start talking about the security posture before moving to Red Team tactics, where you will learn the basic syntax for the Windows and Linux tools that are commonly used to perform the necessary operations. You will also gain hands-on experience of using new Red Team techniques with powerful tools such as python and PowerShell, which will enable you to discover vulnerabilities in your system and how to exploit them. Moving on, you will learn how a system is usually compromised by adversaries, and how they hack user's identity, and the various tools used by the Red Team to find vulnerabilities in a system. In the next section, you will learn about the defense strategies followed by the Blue Team to enhance the overall security of a system. You will also learn about an in-depth strategy to ensure that there are security controls in each network layer, and how you can carry out the recovery process of a compromised system. Finally, you will learn how to create a vulnerability management strategy and the different techniques for manual log analysis.
Table of Contents (18 chapters)
close
close
Preface
chevron up
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Security Posture
Security Posture
The current threat landscape
Cybersecurity challenges
Enhancing your security posture
The Red and Blue Team
References
Summary
2
Incident Response Process
Incident Response Process
Incident response process
Handling an incident
Post-incident activity
Incident response in the cloud
References
Summary
3
Understanding the Cybersecurity Kill Chain
Understanding the Cybersecurity Kill Chain
External reconnaissance
Access and privilege escalation
Exfiltration
Sustainment
Assault
Obfuscation
Threat life cycle management
References
Summary
4
Reconnaissance
Reconnaissance
External reconnaissance
Internal reconnaissance
Conclusion of the reconnaissance chapter
References
Summary
5
Compromising the System
Compromising the System
Analyzing current trends
Phishing
Exploiting a vulnerability
Zero-day
Performing the steps to compromise a system
References
Summary
6
Chasing a User's Identity
Chasing a User's Identity
Identity is the new perimeter
Strategies for compromising a user's identity
Hacking a user's identity
References
Summary
7
Lateral Movement
Lateral Movement
Infiltration
Performing lateral movement
References
Summary
8
Privilege Escalation
Privilege Escalation
Infiltration
Avoiding alerts
Performing privilege escalation
Conclusion and lessons learned
References
Summary
9
Security Policy
Security Policy
Reviewing your security policy
Educating the end user
Policy enforcement
Monitoring for compliance
References
Summary
10
Network Segmentation
Network Segmentation
Defense in depth approach
Physical network segmentation
Securing remote access to the network
Virtual network segmentation
Hybrid cloud network security
References
Summary
11
Active Sensors
Active Sensors
Detection capabilities
Intrusion detection systems
Intrusion prevention system
Behavior analytics on-premises
Behavior analytics in a hybrid cloud
References
Summary
12
Threat Intelligence
Threat Intelligence
Introduction to threat intelligence
Open source tools for threat intelligence
Microsoft threat intelligence
Leveraging threat intelligence to investigate suspicious activity
References
Summary
13
Investigating an Incident
Investigating an Incident
Scoping the issue
Investigating a compromised system on-premises
Investigating a compromised system in a hybrid cloud
Lessons learned
References
Summary
14
Recovery Process
Recovery Process
Disaster recovery plan
Live recovery
Contingency planning
Best practices for recovery
References
Summary
15
Vulnerability Management
Vulnerability Management
Creating a vulnerability management strategy
Implementation of vulnerability management
Best practices for vulnerability management
Implementing vulnerability management with Nessus
Flexera (Secunia) Personal Software Inspector
Conclusion
References
Summary
16
Log Analysis
Log Analysis
Data correlation
Operating system logs
Firewall logs
Web server logs
References
Summary
17
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

What this book covers

Chapter 1Security Posture, defines what constitute a secure posture and how it helps in understanding the importance of having a good defense and attack strategy.

Chapter 2Incident Response Process, introduces the incident response process and the importance to have one. It goes over different industry standards and best practices for handling the incident response.

Chapter 3Understanding the Cybersecurity Kill Chain, prepares the reader to understand the mindset of an attacker, the different stages of the attack, and what usually takes place in each one of those phases.

Chapter 4Reconnaissance, speaks about the different strategies to perform reconnaissance and how data is gathered to obtain information about the target for planning the attack.

Chapter 5, Compromising the System, shows current trends in strategies to compromise the system and explains how to compromise a system.

Chapter 6Chasing a User's Identity, explains the importance of protecting the user's identity to avoid credential theft and goes through the process of hacking the user's identity.

Chapter 7Lateral Movement, describes how attackers perform lateral movement once they compromise one system.

Chapter 8Privilege Escalation, shows how attackers can escalate privileges in order to gain administrative access to the network system.

Chapter 9Security Policy, focuses on the different aspects of the initial defense strategy, which starts with the importance of a well-created security policy and goes over the best practices for security policies, standards, security awareness training, and core security controls.

Chapter 10Network Segmentation, looks into different aspects of defense in depth, covering physical network segmentation as well as the virtual and hybrid cloud.

Chapter 11Active Sensors, details different types of network sensors that help the organizations to detect attacks.

Chapter 12Threat Intelligence, speaks about the different aspects of threat intelligence from the community as well as from the major vendors.

Chapter 13, Investigating an Incident, goes over two case studies, for an on-premises compromised system and for a cloud-based compromised system, and shows all the steps involved in a security investigation.

Chapter 14Recovery Process, focuses on the recovery process of a compromised system and explains how crucial it is to know what all options are available since live recovery of a system is not possible during certain circumstances.  

Chapter 15Vulnerability Management, describes the importance of vulnerability management to mitigate vulnerability exploitation. It covers the current threat landscape and the growing number of ransomware that exploits known vulnerabilities.

Chapter 16Log Analysis, goes over the different techniques for manual log analysis since it is critical for the reader to gain knowledge on how to deeply analyze different types of logs to hunt suspicious security activities.

Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete