Cybersecurity – Attack and Defense Strategies

Download the book Cybersecurity – Attack and Defense Strategies

47,000 toman    In stock

The book Cybersecurity – Attack and Defense Strategies, original-language (English) edition

The download of Cybersecurity – Attack and Defense Strategies becomes available after payment.
The book's description is given in the Details section, where you can review the particulars.


This is the original edition; it is not in Persian.




About the book Cybersecurity – Attack and Defense Strategies

Title : Cybersecurity – Attack and Defense Strategies
Edition : 3
Title translated into Persian : Cybersecurity – Attack and Defense Strategies
Series :
Authors :
Publisher : Packt Publishing
Year of publication : 2022
Number of pages : 0
ISBN : 9781803248776
Language : English
Format : epub    (converted to PDF on request)
File size : 71 MB



The download link is provided once payment is complete. If you register and log in to your account, you can view the list of books you have purchased.


Table of Contents :


Cover
Copyright
Contributors
Table of Contents
Preface

Chapter 1: Security Posture
  Why security hygiene should be your number one priority
  The current threat landscape
  Supply chain attacks
  Ransomware
  The credentials – authentication and authorization
  Apps
  Data
  Cybersecurity challenges
  Old techniques and broader results
  The shift in the threat landscape
  Enhancing your security posture
  Zero Trust
  Cloud Security Posture Management
  Multi-cloud
  The Red and Blue Teams
  Assume breach
  Summary
  References

Chapter 2: Incident Response Process
  The incident response process
  Reasons to have an IR process in place
  Creating an incident response process
  Incident response team
  Incident life cycle
  Handling an incident
  Incident handling checklist
  Post-incident activity
  Real-world scenario 1
  Lessons learned from scenario 1
  Real-world scenario 2
  Lessons learned from scenario 2
  Considerations for incident response in the cloud
  Updating your IR process to include the cloud
  Appropriate toolset
  IR process from the Cloud Solution Provider (CSP) perspective
  Summary
  References

Chapter 3: What is a Cyber Strategy?
  How to build a cyber strategy
  1 – Understand the business
  2 – Understand the threats and risks
  3 – Proper documentation
  Why do we need to build a cyber strategy?
  Best cyber attack strategies
  External testing strategies
  Internal testing strategies
  Blind testing strategy
  Targeted testing strategy
  Best cyber defense strategies
  Defense in depth
  Defense in breadth
  Benefits of having a proactive cybersecurity strategy
  Top cybersecurity strategies for businesses
  Training employees about security principles
  Protecting networks, information, and computers from viruses, malicious code, and spyware
  Having firewall security for all internet connections
  Using software updates
  Using backup copies
  Implementing physical restrictions
  Securing Wi-Fi networks
  Changing passwords
  Limiting access for employees
  Using unique user accounts
  Conclusion
  Further reading

Chapter 4: Understanding the Cybersecurity Kill Chain
  Understanding the Cyber Kill Chain
  Reconnaissance
  Footprinting
  Enumeration
  Scanning
  Weaponization
  Delivery
  Exploitation
  Privilege escalation
  Examples of attacks that used exploitation
  Installation
  Command and Control
  Actions on Objectives
  Data exfiltration
  Obfuscation
  Examples of attacks that used Obfuscation
  Security controls used to stop the Cyber Kill Chain
  Use of UEBA
  Security awareness
  Threat life cycle management
  Forensic data collection
  Discovery
  Qualification
  Investigation
  Neutralization
  Recovery
  Concerns about the Cybersecurity Kill Chain
  How the Cyber Kill Chain has evolved
  Tools used during the Cyber Kill Chain
  Metasploit
  Twint
  Nikto
  Kismet
  Sparta
  John the Ripper
  Hydra
  Aircrack-ng
  Airgeddon
  Deauther Board
  HoboCopy
  EvilOSX
  Comodo AEP via Dragon Platform
  Preparation phase
  Intrusion phase
  Active Breach phase
  Summary
  Further reading
  References

Chapter 5: Reconnaissance
  External reconnaissance
  Scanning a target's social media
  Dumpster diving
  Social engineering
  Pretexting
  Diversion theft
  Water holing
  Baiting
  Quid pro quo
  Tailgating
  Phishing
  Spear phishing
  Phone phishing (vishing)
  Internal reconnaissance
  Tools used for reconnaissance
  External reconnaissance tools
  SAINT
  Seatbelt.exe
  Webshag
  FOCA
  PhoneInfoga
  theHarvester (email harvester)
  Open-source intelligence
  Keepnet Labs
  Internal reconnaissance tools
  Airgraph-ng
  Sniffing and scanning
  Prismdump
  tcpdump
  Nmap
  Wireshark
  Scanrand
  Masscan
  Cain and Abel
  Nessus
  Wardriving
  Hak5 Plunder Bug
  CATT
  Canary token links
  Passive vs. active reconnaissance
  How to combat reconnaissance
  How to prevent reconnaissance
  Summary
  References

Chapter 6: Compromising the System
  Analyzing current trends
  Extortion attacks
  Data manipulation attacks
  Countering data manipulation attacks
  IoT device attacks
  How to secure IoT devices
  Backdoors
  How you can secure against backdoors
  Hacking everyday devices
  Hacking the cloud
  Cloud hacking tools
  Cloud security recommendations
  Phishing
  Exploiting a vulnerability
  Zero-day
  WhatsApp vulnerability (CVE-2019-3568)
  Chrome zero-day vulnerability (CVE-2019-5786)
  Windows 10 privilege escalation
  Windows privilege escalation vulnerability (CVE-2019-1132)
  Fuzzing
  Source code analysis
  Types of zero-day exploits
  Performing the steps to compromise a system
  Deploying payloads
  Compromising operating systems
  Compromising a remote system
  Compromising web-based systems
  Mobile phone (iOS/Android) attacks
  Exodus
  SensorID
  iPhone hack by Cellebrite
  Man-in-the-disk
  Spearphone (loudspeaker data capture on Android)
  Tap 'n Ghost
  iOS Implant Teardown
  Red and Blue Team tools for mobile devices
  Snoopdroid
  Androguard
  Summary
  References

Chapter 7: Chasing a User's Identity
  Identity is the new perimeter
  Credentials and automation
  Strategies for compromising a user's identity
  Gaining access to the network
  Harvesting credentials
  Hacking a user's identity
  Brute force
  Social engineering
  Pass the hash
  Identity theft through mobile devices
  Other methods for hacking an identity
  Summary
  References

Chapter 8: Lateral Movement
  Infiltration
  Network mapping
  Scan, close/block, and fix
  Blocking and slowing down
  Detecting Nmap scans
  Use of clever tricks
  Performing lateral movement
  Stage 1 – User compromised (user action)
  Malware installs
  Beacon, Command & Control (C&C)
  Stage 2 – Workstation admin access (user = admin)
  Vulnerability = admin
  Think like a hacker
  What is the graph?
  Avoiding alerts
  Port scans
  Sysinternals
  File shares
  Windows DCOM
  Remote Desktop
  Remote Desktop Services Vulnerability (CVE-2019-1181/1182)
  PowerShell
  PowerSploit
  Windows Management Instrumentation
  Scheduled tasks
  Token stealing
  Stolen credentials
  Removable media
  Tainted shared content
  Remote Registry
  TeamViewer
  Application deployment
  Network sniffing
  ARP spoofing
  AppleScript and IPC (OS X)
  Breached host analysis
  Central administrator consoles
  Email pillaging
  Active Directory
  Admin shares
  Pass the Ticket
  Pass-the-Hash (PtH)
  Credentials: Where are they stored?
  Password hashes
  Winlogon
  lsass.exe process
  Security Accounts Manager (SAM) database
  Domain Active Directory Database (NTDS.DIT)
  Credential Manager (CredMan) store
  PtH mitigation recommendations
  Summary
  Further reading
  References

Chapter 9: Privilege Escalation
  Infiltration
  Horizontal privilege escalation
  Vertical privilege escalation
  How privilege escalation works
  Credential exploitation
  Misconfigurations
  Privileged vulnerabilities and exploits
  Social engineering
  Malware
  Avoiding alerts
  Performing privilege escalation
  Exploiting unpatched operating systems
  Access token manipulation
  Exploiting accessibility features
  Application shimming
  Bypassing user account control
  Privilege escalation and Container Escape Vulnerability (CVE-2022-0492)
  DLL injection
  DLL search order hijacking
  Dylib hijacking
  Exploration of vulnerabilities
  Launch daemon
  Hands-on example of privilege escalation on a Windows target
  Dumping the SAM file
  Rooting Android
  Using the /etc/passwd file
  Extra window memory injection
  Hooking
  Scheduled tasks
  New services
  Startup items
  Sudo caching
  Additional tools for privilege escalation
  0xsp Mongoose v1.7
  0xsp Mongoose RED for Windows
  Hot Potato
  Conclusion and lessons learned
  Summary
  References

Chapter 10: Security Policy
  Reviewing your security policy
  Shift left approach
  Educating the end user
  Social media security guidelines for users
  Security awareness training
  Policy enforcement
  Policies in the cloud
  Application whitelisting
  Hardening
  Monitoring for compliance
  Automations
  Continuously driving security posture enhancement via security policy
  Summary
  References

Chapter 11: Network Security
  The defense-in-depth approach
  Infrastructure and services
  Documents in transit
  Endpoints
  Microsegmentation
  Physical network segmentation
  Discovering your network with a network mapping tool
  Securing remote access to the network
  Site-to-site VPN
  Virtual network segmentation
  Zero trust network
  Planning zero trust network adoption
  Hybrid cloud network security
  Cloud network visibility
  Summary
  References

Chapter 12: Active Sensors
  Detection capabilities
  Indicators of compromise
  Intrusion detection systems
  Intrusion prevention system
  Rule-based detection
  Anomaly-based detection
  Behavior analytics on-premises
  Device placement
  Behavior analytics in a hybrid cloud
  Microsoft Defender for Cloud
  Analytics for PaaS workloads
  Summary
  References

Chapter 13: Threat Intelligence
  Introduction to threat intelligence
  Open-source tools for threat intelligence
  Free threat intelligence feeds
  Using MITRE ATT&CK
  Microsoft threat intelligence
  Microsoft Sentinel
  Summary
  References

Chapter 14: Investigating an Incident
  Scoping the issue
  Key artifacts
  Investigating a compromised system on-premises
  Investigating a compromised system in a hybrid cloud
  Integrating Defender for Cloud with your SIEM for investigation
  Proactive investigation (threat hunting)
  Lessons learned
  Summary
  References

Chapter 15: Recovery Process
  Disaster recovery plan
  The disaster recovery planning process
  Forming a disaster recovery team
  Performing risk assessment
  Prioritizing processes and operations
  Determining recovery strategies
  Creating the disaster recovery plan
  Testing the plan
  Obtaining approval
  Maintaining the plan
  Challenges
  Live recovery
  Contingency planning
  IT contingency planning process
  Development of the contingency planning policy
  Conducting business impact analysis
  Identifying the preventive controls
  Developing recovery strategies
  Plan maintenance
  Risk management tools
  RiskNAV
  IT and Cyber Risk Management software
  Business continuity plan
  Business continuity planning
  How to develop a business continuity plan
  7 steps to creating an effective business continuity plan
  Best practices for disaster recovery
  On-premises
  On the cloud
  Hybrid
  Summary
  Further reading
  References

Chapter 16: Vulnerability Management
  Creating a vulnerability management strategy
  Asset inventory
  Information management
  Risk assessment
  Scope
  Collecting data
  Analysis of policies and procedures
  Vulnerability analysis
  Threat analysis
  Analysis of acceptable risks
  Vulnerability assessment
  Reporting and remediation tracking
  Response planning
  Elements of a vulnerability strategy
  Differences between vulnerability management and vulnerability assessment
  Best practices for vulnerability management
  Strategies to improve vulnerability management
  Vulnerability management tools
  Asset inventory tools
  Peregrine tools
  LANDesk Management Suite
  Foundstone's Enterprise (McAfee)
  Information management tools
  Risk assessment tools
  Vulnerability assessment tools
  Reporting and remediation tracking tools
  Response planning tools
  Intruder
  Patch Manager Plus
  Windows Server Update Services (WSUS)
  Comodo Dragon platform
  InsightVM
  Azure Threat and Vulnerability Management
  Implementing vulnerability management with Nessus
  OpenVAS
  Qualys
  Acunetix
  Conclusion
  Summary
  Further reading
  References

Chapter 17: Log Analysis
  Data correlation
  Operating system logs
  Windows logs
  Linux logs
  Firewall logs
  Web server logs
  Amazon Web Services (AWS) logs
  Accessing AWS logs from Microsoft Sentinel
  Azure Activity logs
  Accessing Azure Activity logs from Microsoft Sentinel
  Google Cloud Platform Logs
  Summary
  References

Other Books You May Enjoy
Index



