Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Cybersecurity Attacks ‚Äì Red Team Strategies
  • Table Of Contents Toc
  • Feedback & Rating feedback
Cybersecurity Attacks – Red Team Strategies

Cybersecurity Attacks – Red Team Strategies

By : Rehberger
4.8 (9)
Buy this Book
close
close
Cybersecurity Attacks – Red Team Strategies

Cybersecurity Attacks – Red Team Strategies

4.8 (9)
By: Rehberger
Buy this Book

Overview of this book

It's now more important than ever for organizations to be ready to detect and respond to security events and breaches. Preventive measures alone are not enough for dealing with adversaries. A well-rounded prevention, detection, and response program is required. This book will guide you through the stages of building a red team program, including strategies and homefield advantage opportunities to boost security. The book starts by guiding you through establishing, managing, and measuring a red team program, including effective ways for sharing results and findings to raise awareness. Gradually, you'll learn about progressive operations such as cryptocurrency mining, focused privacy testing, targeting telemetry, and even blue team tooling. Later, you'll discover knowledge graphs and how to build them, then become well-versed with basic to advanced techniques related to hunting for credentials, and learn to automate Microsoft Office and browsers to your advantage. Finally, you'll get to grips with protecting assets using decoys, auditing, and alerting with examples for major operating systems. By the end of this book, you'll have learned how to build, manage, and measure a red team program effectively and be well-versed with the fundamental operational techniques required to enhance your existing skills.
Table of Contents (17 chapters)
close
close
close
Preface
Icon
Preface
Icon
A note about terminology
Icon
Who this book is for
Icon
What this book covers?
Icon
To get the most out of this book
Icon
Download the example code files
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Reviews
Icon
Disclaimer
1
Section 1: Embracing the Red
chevron up
Icon
Section 1: Embracing the Red
Free Chapter
2
Chapter 1: Establishing an Offensive Security Program
Icon
Chapter 1: Establishing an Offensive Security Program
Icon
Defining the mission – the devil's advocate
Icon
Getting leadership support
Icon
Locating a red team in the organization chart
Icon
The road ahead for offensive security
Icon
Providing different services to the organization
Icon
Additional responsibilities of the offensive program
Icon
Training and education of the offensive security team
Icon
Policies – principles, rules, and standards
Icon
Rules of engagement
Icon
Standard operating procedure
Icon
Modeling the adversary
Icon
Anatomy of a breach
Icon
Modes of execution – surgical or carpet bombing
Icon
Environment and office space
Icon
Summary
Icon
Questions
3
Chapter 2: Managing an Offensive Security Team
Icon
Chapter 2: Managing an Offensive Security Team
Icon
Understanding the rhythm of the business and planning Red Team operations
Icon
Managing and assessing the team
Icon
Management by walking around
Icon
Managing your leadership team
Icon
Managing yourself
Icon
Handling logistics, meetings, and staying on track
Icon
Growing as a team
Icon
Leading and inspiring the team
Icon
For the best results – let them loose!
Icon
Leveraging homefield advantage
Icon
Disrupting the purple team
Icon
Summary
Icon
Questions
4
Chapter 3: Measuring an Offensive Security Program
Icon
Chapter 3: Measuring an Offensive Security Program
Icon
Understanding the illusion of control
Icon
The road to maturity
Icon
Threats – trees and graphs
Icon
Defining metrics and KPIs
Icon
Test Maturity Model integration (TMMi ®)and red teaming
Icon
MITRE ATT&CK™ Matrix
Icon
Remembering what red teaming is about
Icon
Summary
Icon
Questions
5
Chapter 4: Progressive Red Teaming Operations
Icon
Chapter 4: Progressive Red Teaming Operations
Icon
Exploring varieties of cyber operational engagements
Icon
Cryptocurrency mining
Icon
Red teaming for privacy
Icon
Red teaming the red team
Icon
Targeting the blue team
Icon
Leveraging the blue team's endpoint protection as C2
Icon
Social media and targeted advertising
Icon
Targeting telemetry collection to manipulate feature development
Icon
Attacking artificial intelligence and machine learning
Icon
Operation Vigilante – using the red team to fix things
Icon
Emulating real-world advanced persistent threats (APTs)
Icon
Performing tabletop exercises
Icon
Summary
Icon
Questions
6
Section 2: Tactics and Techniques
Icon
Section 2: Tactics and Techniques
7
Chapter 5: Situational Awareness – Mapping Out the Homefield Using Graph Databases
Icon
Chapter 5: Situational Awareness – Mapping Out the Homefield Using Graph Databases
Icon
Understanding attack and knowledge graphs
Icon
Graph database basics
Icon
Building the homefield graph using Neo4j
Icon
Exploring the Neo4j browser
Icon
Creating and querying information
Icon
Summary
Icon
Questions
8
Chapter 6: Building a Comprehensive Knowledge Graph
Icon
Chapter 6: Building a Comprehensive Knowledge Graph
Icon
Technical requirements
Icon
Case study – the fictional Shadow Bunny corporation
Icon
Mapping out the cloud!
Icon
Importing cloud assets
Icon
Loading CSV data into the graph database
Icon
Adding more data to the knowledge graph
Icon
Augmenting an existing graph or building one from scratch?
Icon
Summary
Icon
Questions
9
Chapter 7: Hunting for Credentials
Icon
Chapter 7: Hunting for Credentials
Icon
Technical requirements
Icon
Clear text credentials and how to find them
Icon
Leveraging indexing techniques to find credentials
Icon
Hunting for ciphertext and hashes
Icon
Summary
Icon
Questions
10
Chapter 8: Advanced Credential Hunting
Icon
Chapter 8: Advanced Credential Hunting
Icon
Technical requirements
Icon
Understanding the Pass the Cookie technique
Icon
Credentials in process memory
Icon
Abusing logging and tracing to steal credentials and access tokens
Icon
Windows Credential Manager and macOS Keychain
Icon
Using optical character recognition to find sensitive information in images
Icon
Exploiting the default credentials of local admin accounts
Icon
Phishing attacks and credential dialog spoofing
Icon
Performing password spray attacks
Icon
Summary
Icon
Questions
11
Chapter 9: Powerful Automation
Icon
Chapter 9: Powerful Automation
Icon
Technical requirements
Icon
Understanding COM automation on Windows
Icon
Achieving objectives by automating Microsoft Office
Icon
Automating and remote controlling web browsers as an adversarial technique
Icon
Summary
Icon
Questions
12
Chapter 10: Protecting the Pen Tester
Icon
Chapter 10: Protecting the Pen Tester
Icon
Technical requirements
Icon
Locking down your machines (shields up)
Icon
Improving documentation with custom Hacker Shell prompts
Icon
Monitoring and alerting for logins and login attempts
Icon
Summary
Icon
Questions
13
Chapter 11: Traps, Deceptions, and Honeypots
Icon
Chapter 11: Traps, Deceptions, and Honeypots
Icon
Technical requirements
Icon
Actively defending pen testing assets
Icon
Understanding and using Windows Audit ACLs
Icon
Notifications for file audit events on Windows
Icon
Building a Homefield Sentinel – a basic Windows Service for defending hosts
Icon
Monitoring access to honeypot files on Linux
Icon
Alerting for suspicious file access on macOS
Icon
Summary
Icon
Questions
14
Chapter 12: Blue Team Tactics for the Red Team
Icon
Chapter 12: Blue Team Tactics for the Red Team
Icon
Understanding centralized monitoring solutions that blue teams leverage
Icon
Using osquery to gain insights and protect pen testing assets
Icon
Leveraging Filebeat, Elasticsearch, and Kibana
Icon
Summary
Icon
Questions
15
Assessments
Icon
Chapter 1
Icon
Chapter 2
Icon
Chapter 3
Icon
Chapter 4
Icon
Chapter 5
Icon
Chapter 6
Icon
Chapter 7
Icon
Chapter 8
Icon
Chapter 9
Icon
Chapter 10
Icon
Chapter 11
Icon
Chapter 12
16
Another Book You May Enjoy
Icon
Another Book You May Enjoy
Icon
Leave a review - let other readers know what you think

Section 1: Embracing the Red

An organization must be ready to detect and respond to security events and breaches effectively. Preventive measures alone are not enough to deal with adversaries. An organization needs to create a well-rounded prevention, detection, and response program.

Establishing an offensive security program can help improve the security posture of your organization and identify weaknesses in prevention, detection, and response to security incidents.

In the first part of this book, we will discuss establishing, managing, and measuring an internal offensive security program. This part is en titled Embracing the Red to highlight the importance of having dedicated testing efforts in place and building and encouraging a culture of transparency when it comes to identifying and discussing security challenges and weaknesses within an organization. We will dive into details, learnings, and organizational challenges on how to build, manage, and measure an internal offensive security program.

One of the benefits an internal offensive security team can provide compared to a real-world adversary is that of Homefield Advantage and the collaboration between all stakeholders to demonstrate the immediate benefits of improving the security posture of the organization.

Furthermore, we will explore progressive red team operations, such as crypto jacking, dedicated operations to identify privacy violation, pen testing the pen testers, and much more.

This part comprises the following chapters:

  • Chapter 1, Establishing an Offensive Security Program
  • Chapter 2, Managing an Offensive Security Team
  • Chapter 3, Measuring an Offensive Security Program
  • Chapter 4, Progressive Red Teaming Operations

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Chapter 1
Next Chapter

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY