You don’t need a technical background to understand core cybersecurity concepts and their practical applications – all you need is this book. It covers all the important stuff and leaves out the jargon, giving you a broad view of how specific attacks work and common methods used by online adversaries, as well as the controls and strategies you can use to defend against them.

Each chapter tackles a new topic from the ground up, such as malware or social engineering, with easy-to-grasp explanations of the technology at play and relatable, real-world examples. Hands-on exercises then turn the conceptual knowledge you’ve gained into cyber-savvy skills that will make you safer at work and at home. You’ll explore various types of authentication (and how they can be broken), ways to prevent infections from different types of malware, like worms and viruses, and methods for protecting your cloud accounts from adversaries who target web apps.

You’ll also learn how to:

•Use command-line tools to see information about your computer and network
•Analyze email headers to detect phishing attempts
•Open potentially malicious documents in a sandbox to safely see what they do
•Set up your operating system accounts, firewalls, and router to protect your network
•Perform a SQL injection attack by targeting an intentionally vulnerable website
•Encrypt and hash your files

In addition, you’ll get an inside look at the roles and responsibilities of security professionals, see how an attack works from a cybercriminal’s viewpoint, and get first-hand experience implementing sophisticated cybersecurity measures on your own devices.

Table of Contents

  1. Title Page
  2. Copyright
  3. Dedication
  4. About the Author
  5. Preface
    1. A Note on the Book’s Exercises
    2. Who This Book Is For
    3. What’s in the Book?
  7. Chapter 1: An Introduction to Cybersecurity
    1. What Is Cybersecurity?
    2. Cybersecurity and Privacy
    3. What Cybersecurity Isn’t
    4. Black Hats vs. White Hats
    5. Types of Black Hats
    6. Types of White Hats
    7. Exercise: Learning More About Cybersecurity and Threats
    8. Conclusion
  8. Chapter 2: Attack Targets on the Internet
    1. How the Internet Works
    2. TCP/IP: The Backbone of the Internet
    3. Public vs. Private Networks
    4. How the Internet Looks to a Black Hat
    5. The Black Hat Attack Methodology
    6. Reconnaissance
    7. Weaponization
    8. Delivery
    9. Exploitation and Installation
    10. Command and Control, and Attack on Objectives
    11. How Black Hats Find You
    12. Example 1: The Merger
    13. Example 2: Social Media Hunting
    14. How to Hide from Black Hats
    15. The Internet Is Open
    16. The Internet Is Public
    17. The Internet Is Forever
    18. Exercise: Analyzing Your Network
    19. Network Command Line Tools
    20. Using Shodan
    21. Conclusion
  9. Chapter 3: Phishing Tactics
    1. What Is Phishing?
    2. An Obvious Phish
    3. Not All Phishing Is Obvious
    4. Using Details for a More Convincing Phish
    5. Vishing and Other Non-Email Phishing
    6. How to Protect Yourself Against Phishing
    7. How Black Hats Trick You with URLs
    8. Typosquatting
    9. Complex URLs and Redirects
    10. Modifying DNS Records
    11. Hoaxes
    12. Why Black Hats Love Phishing
    13. Think Twice to Avoid Phishing
    14. Take an Alternate Route
    15. Listen to Your Spidey Sense
    16. Exercise: Analyzing a Phishing Email
    17. Phishing Email Indicators
    18. Header Analysis
    19. URL Analysis
    20. Conclusion
  10. Chapter 4: Malware Infections
    1. What Is Malware?
    2. Types of Malware
    3. Viruses
    4. Worms
    5. Trojans
    6. Ransomware
    7. Spyware and Adware
    8. Rootkits and Bootkits
    9. Polymorphic Malware
    10. How Black Hats Deploy Malware
    11. How to Defend Against Malware
    12. Exercise: Analyzing Malware and Managing Antivirus Settings
    13. Analyzing Malware in Attachments
    14. Reviewing Antivirus Settings
    15. Conclusion
  11. Chapter 5: Password Thefts and Other Account Access Tricks
    1. Authentication
    2. Types of Authentication
    3. Multi-Factor Authentication
    4. Authorization
    5. Mandatory Access Control
    6. Rule-Based Access Control
    7. Role-Based Access Control
    8. Attribute-Based Access Control
    9. Discretionary Access Control
    10. Accounting
    11. Logging
    12. Auditing
    13. Indicators of Attack
    14. Exercise: Setting Up Accounts in Windows 10 and macOS
    15. Windows 10
    16. Access Control on macOS
    17. Conclusion
  12. Chapter 6: Network Tapping
    1. The Basics of Network Design
    2. Attacking Your Network
    3. How Black Hats See Your Traffic
    4. Man-in-the-Middle Attacks
    5. Denial of Service
    6. Distributed Denial of Service
    7. Defense Against Network Attacks
    8. Firewalls
    9. Intrusion Detection Systems
    10. Intrusion Prevention Systems
    11. Exercise: Setting Up Your Firewall
    12. Windows
    13. macOS
    14. Conclusion
  13. Chapter 7: Attacks in the Cloud
    1. How Cloud Computing Works
    2. Software as a Service
    3. Platform as a Service
    4. Infrastructure as a Service
    5. Security as a Service
    6. Attacking the Cloud
    7. Web Application Attacks
    8. Defending the Cloud
    9. Exercise: Performing SQL Injection on the Damn Vulnerable Web Application
    10. Installing Docker and the DVWA
    11. Listing Users
    12. Finding Database Table Names
    13. Finding Passwords
    14. Conclusion
  14. Chapter 8: Wireless Network Pirating
    1. How Wireless Networks Work
    2. Wireless Standards
    3. Wireless Security
    4. Wireless Authentication
    5. Wireless Encryption
    6. Wireless Attacks
    7. Rogue Access Points
    8. Disassociation Attacks
    9. Jamming
    10. Setting Up a Wireless Network with Security in Mind
    11. Exercise: Secure Your WAP
    12. Setting Up Your Access Point
    13. Setting Up Wireless Security
    14. Enabling Filtering
    15. Conclusion
  15. Chapter 9: Encryption Cracking
    1. What Is Cryptography?
    2. What We Encrypt
    3. Early Cryptography
    4. Substitution Ciphers
    5. Transposition Ciphers
    6. Modern Cryptography
    7. Symmetric Cryptography
    8. Asymmetric Cryptography
    9. Validating Public Keys
    10. Hashing
    11. What Happens When You Visit a Website?
    12. How Black Hats Steal Your Keys
    13. Cryptanalysis
    14. Asymmetric Algorithm Attacks
    15. Protecting Your Keys
    16. How Black Hats Break Hashes
    17. Salting Your Hashes
    18. Exercise: Encrypting and Hashing Files
    19. Encrypting and Hashing a File in Windows 10
    20. Protecting Files Using macOS
    21. Using ssh-keygen to Generate a Public Key (Windows 10 or macOS)
    22. Conclusion
  16. Chapter 10: How to Defeat Black Hats
    1. What’s the Worst That Could Happen?
    2. Risks
    3. Threats
    4. Controls
    5. Risk Management Programs
    6. Putting It All Together
    7. Exercise: Conducting a Risk Analysis
    8. Farewell and Good Luck
  17. Index