Cybersecurity:Attack and Defense Strategies
Yuri Diogenes, Erdal Ozkaya
Updated: 2021-06-30 19:16:50
Latest chapter: Leave a review - let other readers know what you think
Cover page
Title Page
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the authors
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Security Posture
The current threat landscape
The credentials – authentication and authorization
Apps
Data
Cybersecurity challenges
Old techniques and broader results
The shift in the threat landscape
Enhancing your security posture
The Red and Blue Team
Assume breach
References
Summary
Incident Response Process
Incident response process
Reasons to have an IR process in place
Creating an incident response process
Incident response team
Incident life cycle
Handling an incident
Best practices to optimize incident handling
Post-incident activity
Real-world scenario
Lessons learned
Incident response in the cloud
Updating your IR process to include cloud
References
Summary
Understanding the Cybersecurity Kill Chain
External reconnaissance
Scanning
NMap
Metasploit
John the Ripper
THC Hydra
Wireshark
Aircrack-ng
Nikto
Kismet
Cain and Abel
Access and privilege escalation
Vertical privilege escalation
Horizontal privilege escalation
Exfiltration
Sustainment
Assault
Obfuscation
Threat life cycle management
References
Summary
Reconnaissance
External reconnaissance
Dumpster diving
Social media
Social engineering
Pretexting
Diversion theft
Phishing
Phone phishing (vishing)
Spear phishing
Water holing
Baiting
Quid pro quo
Tailgating
Internal reconnaissance
Sniffing and scanning
Prismdump
tcpdump
NMap
Wireshark
Scanrand
Cain and Abel
Nessus
Metasploit
Aircrack-ng
Wardriving
Conclusion of the reconnaissance chapter
References
Summary
Compromising the System
Analyzing current trends
Extortion attacks
Data manipulation attacks
IoT device attacks
Backdoors
Mobile device attacks
Hacking everyday devices
Hacking the cloud
Phishing
Exploiting a vulnerability
Zero-day
Fuzzing
Source code analysis
Types of zero-day exploits
Buffer overflows
Structured exception handler overwrites
Performing the steps to compromise a system
Deploying payloads
Installing and using a vulnerability scanner
Using Metasploit
Compromising operating systems
Compromising systems using Kon-Boot or Hiren's BootCD
Compromising systems using a Linux Live CD
Compromising systems using preinstalled applications
Compromising systems using Ophcrack
Compromising a remote system
Compromising web-based systems
SQL injection
Cross-site scripting
Broken authentication
DDoS attacks
References
Summary
Chasing a User's Identity
Identity is the new perimeter
Strategies for compromising a user's identity
Gaining access to the network
Harvesting credentials
Hacking a user's identity
Brute force
Social engineering
Pass the hash
Other methods to hack identity
References
Summary
Lateral Movement
Infiltration
Network mapping
Avoiding alerts
Performing lateral movement
Port scans
Sysinternals
File shares
Remote Desktop
PowerShell
Windows Management Instrumentation
Scheduled tasks
Token stealing
Pass-the-hash
Active Directory
Remote Registry
Breached host analysis
Central administrator consoles
Email pillaging
References
Summary
Privilege Escalation
Infiltration
Horizontal privilege escalation
Vertical privilege escalation
Avoiding alerts
Performing privilege escalation
Exploiting unpatched operating systems
Access token manipulation
Exploiting accessibility features
Application shimming
Bypassing user account control
DLL injection
DLL search order hijacking
Dylib hijacking
Exploration of vulnerabilities
Launch daemon
Hands-on example of privilege escalation on a Windows 8 target
Conclusion and lessons learned
References
Summary
Security Policy
Reviewing your security policy
Educating the end user
Social media security guidelines for users
Security awareness training
Policy enforcement
Application whitelisting
Hardening
Monitoring for compliance
References
Summary
Network Segmentation
Defense in depth approach
Infrastructure and services
Documents in transit
Endpoints
Physical network segmentation
Discovering your network
Securing remote access to the network
Site-to-site VPN
Virtual network segmentation
Hybrid cloud network security
References
Summary
Active Sensors
Detection capabilities
Indicators of compromise
Intrusion detection systems
Intrusion prevention system
Rule-based detection
Anomaly-based detection
Behavior analytics on-premises
Device placement
Behavior analytics in a hybrid cloud
Azure Security Center
References
Summary
Threat Intelligence
Introduction to threat intelligence
Open source tools for threat intelligence
Microsoft threat intelligence
Azure Security Center
Leveraging threat intelligence to investigate suspicious activity
References
Summary
Investigating an Incident
Scoping the issue
Key artifacts
Investigating a compromised system on-premises
Investigating a compromised system in a hybrid cloud
Search and you shall find it
Lessons learned
References
Summary
Recovery Process
Disaster recovery plan
The disaster recovery planning process
Forming a disaster recovery team
Performing risk assessment
Prioritizing processes and operations
Determining recovery strategies
Collecting data
Creating the disaster recovery plan
Testing the plan
Obtaining approval
Maintaining the plan
Challenges
Live recovery
Contingency planning
IT contingency planning process
Development of the contingency planning policy
Conducting business impact analysis
Identifying the critical IT resources
Identifying disruption impacts
Developing recovery priorities
Identifying the preventive controls
Developing recovery strategies
Backups
Alternative sites
Equipment replacement
Plan testing, training, and exercising
Plan maintenance
Best practices for recovery
References
Summary
Vulnerability Management
Creating a vulnerability management strategy
Asset inventory
Information management
Risk assessment
Scope
Collecting data
Analysis of policies and procedures
Vulnerability analysis
Threat analysis
Analysis of acceptable risks
Vulnerability assessment
Reporting and remediation tracking
Response planning
Vulnerability management tools
Asset inventory tools
Peregrine tools
LANDesk Management Suite
StillSecure
Foundstone's Enterprise
Information management tools
Risk assessment tools
Vulnerability assessment tools
Reporting and remediation tracking tools
Response planning tools
Implementation of vulnerability management
Best practices for vulnerability management
Implementing vulnerability management with Nessus
Flexera (Secunia) Personal Software Inspector
Conclusion
References
Summary
Log Analysis
Data correlation
Operating system logs
Windows logs
Linux logs
Firewall logs
Web server logs
References
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think