دانلود کتاب Cybersecurity – Attack and Defense Strategies

فهرست مطالب :

Cover
Copyright
Contributors
Table of Contents
Preface
Chapter 1: Security Posture
Why security hygiene should be your number one priority
The current threat landscape
Supply chain attacks
Ransomware
The credentials – authentication and authorization
Apps
Data
Cybersecurity challenges
Old techniques and broader results
The shift in the threat landscape
Enhancing your security posture
Zero Trust
Cloud Security Posture Management
Multi-cloud
The Red and Blue Teams
Assume breach
Summary
References
Chapter 2: Incident Response Process
The incident response process
Reasons to have an IR process in place
Creating an incident response process
Incident response team
Incident life cycle
Handling an incident
Incident handling checklist
Post-incident activity
Real-world scenario 1
Lessons learned from scenario 1
Real-world scenario 2
Lessons learned from scenario 2
Considerations for incident response in the cloud
Updating your IR process to include the cloud
Appropriate toolset
IR process from the Cloud Solution Provider (CSP) perspective
Summary
References
Chapter 3: What is a Cyber Strategy?
How to build a cyber strategy
1 – Understand the business
2 – Understand the threats and risks
3 – Proper documentation
Why do we need to build a cyber strategy?
Best cyber attack strategies
External testing strategies
Internal testing strategies
Blind testing strategy
Targeted testing strategy
Best cyber defense strategies
Defense in depth
Defense in breadth
Benefits of having a proactive cybersecurity strategy
Top cybersecurity strategies for businesses
Training employees about security principles
Protecting networks, information, and computers from viruses, malicious code, and spyware
Having firewall security for all internet connections
Using software updates
Using backup copies
Implementing physical restrictions
Securing Wi-Fi networks
Changing passwords
Limiting access for employees
Using unique user accounts
Conclusion
Further reading
Chapter 4: Understanding the Cybersecurity Kill Chain
Understanding the Cyber Kill Chain
Reconnaissance
Footprinting
Enumeration
Scanning
Weaponization
Delivery
Exploitation
Privilege escalation
Examples of attacks that used exploitation
Installation
Command and Control
Actions on Objectives
Data exfiltration
Obfuscation
Examples of attacks that used Obfuscation
Security controls used to stop the Cyber Kill Chain
Use of UEBA
Security awareness
Threat life cycle management
Forensic data collection
Discovery
Qualification
Investigation
Neutralization
Recovery
Concerns about the Cybersecurity Kill Chain
How the Cyber Kill Chain has evolved
Tools used during the Cyber Kill Chain
Metasploit
Twint
Nikto
Kismet
Sparta
John the Ripper
Hydra
Aircrack-ng
Airgeddon
Deauther Board
HoboCopy
EvilOSX
Comodo AEP via Dragon Platform
Preparation phase
Intrusion phase
Active Breach phase
Summary
Further reading
References
Chapter 5: Reconnaissance
External reconnaissance
Scanning a target’s social media
Dumpster diving
Social engineering
Pretexting
Diversion theft
Water holing
Baiting
Quid pro quo
Tailgating
Phishing
Spear phishing
Phone phishing (vishing)
Internal reconnaissance
Tools used for reconnaissance
External reconnaissance tools
SAINT
Seatbelt.exe
Webshag
FOCA
PhoneInfoga
theHarvester (email harvester)
Open-source intelligence
Keepnet Labs
Internal reconnaissance tools
Airgraph-ng
Sniffing and scanning
Prismdump
tcpdump
Nmap
Wireshark
Scanrand
Masscan
Cain and Abel
Nessus
Wardriving
Hak5 Plunder Bug
CATT
Canary token links
Passive vs. active reconnaissance
How to combat reconnaissance
How to prevent reconnaissance
Summary
References
Chapter 6: Compromising the System
Analyzing current trends
Extortion attacks
Data manipulation attacks
Countering data manipulation attacks
IoT device attacks
How to secure IoT devices
Backdoors
How you can secure against backdoors
Hacking everyday devices
Hacking the cloud
Cloud hacking tools
Cloud security recommendations
Phishing
Exploiting a vulnerability
Zero-day
WhatsApp vulnerability (CVE-2019-3568)
Chrome zero-day vulnerability (CVE-2019-5786)
Windows 10 privilege escalation
Windows privilege escalation vulnerability (CVE20191132)
Fuzzing
Source code analysis
Types of zero-day exploits
Performing the steps to compromise a system
Deploying payloads
Compromising operating systems
Compromising a remote system
Compromising web-based systems
Mobile phone (iOS/Android) attacks
Exodus
SensorID
iPhone hack by Cellebrite
Man-in-the-disk
Spearphone (loudspeaker data capture on Android)
Tap ‘n Ghost
iOS Implant Teardown
Red and Blue Team tools for mobile devices
Snoopdroid
Androguard
Summary
References
Chapter 7: Chasing a User’s Identity
Identity is the new perimeter
Credentials and automation
Strategies for compromising a user’s identity
Gaining access to the network
Harvesting credentials
Hacking a user’s identity
Brute force
Social engineering
Pass the hash
Identity theft through mobile devices
Other methods for hacking an identity
Summary
References
Chapter 8: Lateral Movement
Infiltration
Network mapping
Scan, close/block, and fix
Blocking and slowing down
Detecting Nmap scans
Use of clever tricks
Performing lateral movement
Stage 1 – User compromised (user action)
Malware installs
Beacon, Command & Control (C&C)
Stage 2 – Workstation admin access (user = admin)
Vulnerability = admin
Think like a hacker
What is the graph?
Avoiding alerts
Port scans
Sysinternals
File shares
Windows DCOM
Remote Desktop
Remote Desktop Services Vulnerability (CVE-2019-1181/1182)
PowerShell
PowerSploit
Windows Management Instrumentation
Scheduled tasks
Token stealing
Stolen credentials
Removable media
Tainted shared content
Remote Registry
TeamViewer
Application deployment
Network sniffing
ARP spoofing
AppleScript and IPC (OS X)
Breached host analysis
Central administrator consoles
Email pillaging
Active Directory
Admin shares
Pass the Ticket
Pass-the-Hash (PtH)
Credentials: Where are they stored?
Password hashes
Winlogon
lsass.exe process
Security Accounts Manager (SAM) database
Domain Active Directory Database (NTDS.DIT)
Credential Manager (CredMan) store
PtH mitigation recommendations
Summary
Further reading
References
Chapter 9: Privilege Escalation
Infiltration
Horizontal privilege escalation
Vertical privilege escalation
How privilege escalation works
Credential exploitation
Misconfigurations
Privileged vulnerabilities and exploits
Social engineering
Malware
Avoiding alerts
Performing privilege escalation
Exploiting unpatched operating systems
Access token manipulation
Exploiting accessibility features
Application shimming
Bypassing user account control
Privilege escalation and Container Escape Vulnerability (CVE-2022-0492)
DLL injection
DLL search order hijacking
Dylib hijacking
Exploration of vulnerabilities
Launch daemon
Hands-on example of privilege escalation on a Windows target
Dumping the SAM file
Rooting Android
Using the /etc/passwd file
Extra window memory injection
Hooking
Scheduled tasks
New services
Startup items
Sudo caching
Additional tools for privilege escalation
0xsp Mongoose v1.7
0xsp Mongoose RED for Windows
Hot Potato
Conclusion and lessons learned
Summary
References
Chapter 10: Security Policy
Reviewing your security policy
Shift left approach
Educating the end user
Social media security guidelines for users
Security awareness training
Policy enforcement
Policies in the cloud
Application whitelisting
Hardening
Monitoring for compliance
Automations
Continuously driving security posture enhancement via security policy
Summary
References
Chapter 11: Network Security
The defense-in-depth approach
Infrastructure and services
Documents in transit
Endpoints
Microsegmentation
Physical network segmentation
Discovering your network with a network mapping tool
Securing remote access to the network
Site-to-site VPN
Virtual network segmentation
Zero trust network
Planning zero trust network adoption
Hybrid cloud network security
Cloud network visibility
Summary
References
Chapter 12: Active Sensors
Detection capabilities
Indicators of compromise
Intrusion detection systems
Intrusion prevention system
Rule-based detection
Anomaly-based detection
Behavior analytics on-premises
Device placement
Behavior analytics in a hybrid cloud
Microsoft Defender for Cloud
Analytics for PaaS workloads
Summary
References
Chapter 13: Threat Intelligence
Introduction to threat intelligence
Open-source tools for threat intelligence
Free threat intelligence feeds
Using MITRE ATT&CK
Microsoft threat intelligence
Microsoft Sentinel
Summary
References
Chapter 14: Investigating an Incident
Scoping the issue
Key artifacts
Investigating a compromised system on-premises
Investigating a compromised system in a hybrid cloud
Integrating Defender for Cloud with your SIEM for investigation
Proactive investigation (threat hunting)
Lessons learned
Summary
References
Chapter 15: Recovery Process
Disaster recovery plan
The disaster recovery planning process
Forming a disaster recovery team
Performing risk assessment
Prioritizing processes and operations
Determining recovery strategies
Creating the disaster recovery plan
Testing the plan
Obtaining approval
Maintaining the plan
Challenges
Live recovery
Contingency planning
IT contingency planning process
Development of the contingency planning policy
Conducting business impact analysis
Identifying the preventive controls
Developing recovery strategies
Plan maintenance
Risk management tools
RiskNAV
IT and Cyber Risk Management software
Business continuity plan
Business continuity planning
How to develop a business continuity plan
7 steps to creating an effective business continuity plan
Best practices for disaster recovery
On-premises
On the cloud
Hybrid
Summary
Further reading
References
Chapter 16: Vulnerability Management
Creating a vulnerability management strategy
Asset inventory
Information management
Risk assessment
Scope
Collecting data
Analysis of policies and procedures
Vulnerability analysis
Threat analysis
Analysis of acceptable risks
Vulnerability assessment
Reporting and remediation tracking
Response planning
Elements of a vulnerability strategy
Differences between vulnerability management and vulnerability assessment
Best practices for vulnerability management
Strategies to improve vulnerability management
Vulnerability management tools
Asset inventory tools
Peregrine tools
LANDesk Management Suite
Foundstone’s Enterprise (McAfee)
Information management tools
Risk assessment tools
Vulnerability assessment tools
Reporting and remediation tracking tools
Response planning tools
Intruder
Patch Manager Plus
Windows Server Update Services (WSUS)
Comodo Dragon platform
InsightVM
Azure Threat and Vulnerability Management
Implementing vulnerability management with Nessus
OpenVAS
Qualys
Acunetix
Conclusion
Summary
Further reading
References
Chapter 17: Log Analysis
Data correlation
Operating system logs
Windows logs
Linux logs
Firewall logs
Web server logs
Amazon Web Services (AWS) logs
Accessing AWS logs from Microsoft Sentinel
Azure Activity logs
Accessing Azure Activity logs from Microsoft Sentinel
Google Cloud Platform Logs
Summary
References
Other Books You May Enjoy
Index