Master cutting-edge techniques and countermeasures to protect your organization from live hackers. Learn how to harness cyber deception in your operations to gain an edge over the competition.

Key Features

  • Gain an advantage against live hackers in a competition or real computing environment
  • Understand advanced red team and blue team techniques with code examples
  • Learn to battle in short-term memory, whether remaining unseen (red teams) or monitoring an attacker's traffic (blue teams)

Book Description

Little has been written about what to do when live hackers are on your system and running amok. Even experienced hackers tend to choke up when they realize the network defender has caught them and is zoning in on their implants in real time. This book will provide tips and tricks all along the kill chain of an attack, showing where hackers can have the upper hand in a live conflict and how defenders can outsmart them in this adversarial game of computer cat and mouse.

This book contains two subsections in each chapter, specifically focusing on the offensive and defensive teams. It begins by introducing you to adversarial operations and principles of computer conflict where you will explore the core principles of deception, humanity, economy, and more about human-on-human conflicts. Additionally, you will understand everything from planning to setting up infrastructure and tooling that both sides should have in place.

Throughout this book, you will learn how to gain an advantage over opponents by disappearing from what they can detect. You will further understand how to blend in, uncover other actors' motivations and means, and learn to tamper with them to hinder their ability to detect your presence. Finally, you will learn how to gain an advantage through advanced research and thoughtfully concluding an operation.

By the end of this book, you will have achieved a solid understanding of cyberattacks from both an attacker's and a defender's perspective.

What you will learn

  • Understand how to implement process injection and how to detect it
  • Turn the tables on the offense with active defense
  • Disappear on the defender's system, by tampering with defensive sensors
  • Upskill in using deception with your backdoors and countermeasures including honeypots
  • Kick someone else from a computer you are on and gain the upper hand
  • Adopt a language agnostic approach to become familiar with techniques that can be applied to both the red and blue teams
  • Prepare yourself for real-time cybersecurity conflict by using some of the best techniques currently in the industry

Who this book is for

Pentesters to red teamers, security operations center analysts to incident responders, attackers, defenders, general hackers, advanced computer users, and security engineers should gain a lot from this book. This book will also be beneficial to those getting into purple teaming or adversarial simulations, as it includes processes for gaining an advantage over the other team.

Basic knowledge of Python programming, Go programming, Bash, PowerShell, and systems administration is desirable. Furthermore, knowledge of incident response and Linux is beneficial. Prior exposure to cybersecurity, penetration testing, and ethical hacking basics is desirable.

Table of Contents

  1. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Get in touch
  2. Theory on Adversarial Operations and Principles of Computer Conflict
    1. Adversarial theory
    2. CIAAAN
    3. Game theory
    4. Principles of computer conflict
    5. Offense versus defense
    6. Principle of deception
    7. Principle of physical access
    8. Principle of humanity
    9. Principle of economy
    10. Principle of planning
    11. Principle of innovation
    12. Principle of time
    13. Summary
    14. References
  3. Preparing for Battle
    1. Essential considerations
    2. Communications
    3. Long-term planning
    4. Expertise
    5. Operational planning
    6. Defensive perspective
    7. Signal collection
    8. Data management
    9. Analysis tooling
    10. Defensive KPIs
    11. Offensive perspective
    12. Scanning and exploitation
    13. Payload development
    14. Auxiliary tooling
    15. Offensive KPIs
    16. Summary
    17. References
  4. Invisible is Best (Operating in Memory)
    1. Gaining the advantage
    2. Offensive perspective
    3. Process injection
    4. In-memory operations
    5. Defensive perspective
    6. Detecting process injection
    7. Preparing for attacker techniques
    8. The invisible defense
    9. Summary
    10. References
  5. Blending In
    1. Offensive perspective
    2. Persistence options
    3. LOLbins
    4. DLL search order hijacking
    5. Executable file infection
    6. Covert command and control channels
    7. ICMP C2
    8. DNS C2
    9. Domain fronting
    10. Combining offensive techniques
    11. Defensive perspective
    12. C2 detection
    13. ICMP C2 detection
    14. DNS C2 detection
    15. Persistence detection
    16. Detecting DLL search order hijacking
    17. Detecting backdoored executables
    18. Honey tricks
    19. Honey tokens
    20. Honeypots
    21. Summary
    22. References
  6. Active Manipulation
    1. Offensive perspective
    2. Clearing logs
    3. Hybrid approach
    4. Rootkits
    5. Defensive perspective
    6. Data integrity and verification
    7. Detecting rootkits
    8. Manipulating attackers
    9. Keeping attackers distracted
    10. Tricking attackers
    11. Summary
    12. References
  7. Real-Time Conflict
    1. Offensive perspective
    2. Situational awareness
    3. Understanding the system
    4. Clear the Bash history
    5. Abusing Docker
    6. Gleaning operational information
    7. Keylogging
    8. Screenshot spy
    9. Getting passwords
    10. Searching files for secrets
    11. Backdooring password utilities
    12. Pivoting
    13. SSH agent hijacking
    14. SSH ControlMaster hijacking
    15. RDP hijacking
    16. Hijacking other administrative controls
    17. Defensive perspective
    18. Exploring users, processes, and connections
    19. Root cause analysis
    20. Killing malicious processes
    21. Killing connections and banning IPs
    22. Network quarantine
    23. Rotating credentials
    24. Restricting permissions
    25. Chattr revisited
    26. chroot
    27. Using namespaces
    28. Controlling users
    29. Shut it down
    30. Hacking back
    31. Hunting attacker infrastructure
    32. Exploiting attacker tools
    33. Summary
    34. References
  8. The Research Advantage
    1. Gaming the game
    2. Offensive perspective
    3. The world of memory corruption
    4. Targeting research and prep
    5. Target exploitation
    6. Creative pivoting
    7. Defensive perspective
    8. Tool exploitation
    9. Threat modeling
    10. Operating system and application research
    11. Log and analyze your own data
    12. Attribution
    13. Summary
    14. References
  9. Clearing the Field
    1. Offensive perspective
    2. Exfiltration
    3. Protocol tunneling
    4. Steganography
    5. Anonymity networks
    6. Ending the operation
    7. Program security versus operational security
    8. Taking down infrastructure
    9. Rotating offensive tools
    10. Retiring and replacing techniques
    11. Defensive perspective
    12. Responding to an intrusion
    13. The big flip
    14. The remediation effort
    15. A post-mortem after the incident
    16. Forward looking
    17. Publish results
    18. Summary
    19. References
  10. Other Books You May Enjoy
  11. Index