With a threat landscape that it is in constant motion, it becomes imperative to have a strong security posture, which in reality means enhancing the protection, detection, and response. Throughout this book, you will learn the attack methods and patterns to recognize abnormal behavior within your organization with Blue Team tactics. You will also learn techniques to gather exploitation intelligence, identify risks, and demonstrate impact on Red and Blue team strategies.
This book is for information security professionals and IT professionals who want to know more about Cybersecurity.
Chapter 1, Security Posture, defines what constitute a secure posture and how it helps in understanding the importance of having a good defense and attack strategy.
Chapter 2, Incident Response Process, introduces the incident response process and the importance to have one. It goes over different industry standards and best practices for handling the incident response.
Chapter 3, Understanding the Cybersecurity Kill Chain, prepares the reader to understand the mindset of an attacker, the different stages of the attack, and what usually takes place in each one of those phases.
Chapter 4, Reconnaissance, speaks about the different strategies to perform reconnaissance and how data is gathered to obtain information about the target for planning the attack.
Chapter 5, Compromising the System, shows current trends in strategies to compromise the system and explains how to compromise a system.
Chapter 6, Chasing a User's Identity, explains the importance of protecting the user's identity to avoid credential theft and goes through the process of hacking the user's identity.
Chapter 7, Lateral Movement, describes how attackers perform lateral movement once they compromise one system.
Chapter 8, Privilege Escalation, shows how attackers can escalate privileges in order to gain administrative access to the network system.
Chapter 9, Security Policy, focuses on the different aspects of the initial defense strategy, which starts with the importance of a well-created security policy and goes over the best practices for security policies, standards, security awareness training, and core security controls.
Chapter 10, Network Segmentation, looks into different aspects of defense in depth, covering physical network segmentation as well as the virtual and hybrid cloud.
Chapter 11, Active Sensors, details different types of network sensors that help the organizations to detect attacks.
Chapter 12, Threat Intelligence, speaks about the different aspects of threat intelligence from the community as well as from the major vendors.
Chapter 13, Investigating an Incident, goes over two case studies, for an on-premises compromised system and for a cloud-based compromised system, and shows all the steps involved in a security investigation.
Chapter 14, Recovery Process, focuses on the recovery process of a compromised system and explains how crucial it is to know what all options are available since live recovery of a system is not possible during certain circumstances.
Chapter 15, Vulnerability Management, describes the importance of vulnerability management to mitigate vulnerability exploitation. It covers the current threat landscape and the growing number of ransomware that exploits known vulnerabilities.
Chapter 16, Log Analysis, goes over the different techniques for manual log analysis since it is critical for the reader to gain knowledge on how to deeply analyze different types of logs to hunt suspicious security activities.
- We assume that the readers of this book know the basic information security concepts, Windows, and Linux operating systems.
- Some of the demonstrations from this book can also be done in a lab environment; therefore, we recommend you to have a virtual lab with the following VMs: Windows Server 2012, Windows 10, and Kali Linux.
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/CybersecurityAttackandDefenseStrategies_ColorImages.pdf.
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Mount the downloaded WebStorm-10*.dmg disk image file as another disk in your system."
Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Select System info from the "Administration panel.
Feedback from our readers is always welcome.
General feedback: Email [email protected] and mention the book title in the subject of your message. If you have questions about any aspect of this book, please email us at [email protected].
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!
For more information about Packt, please visit packtpub.com.