Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Preface

With a threat landscape that it is in constant motion, it becomes imperative to have a strong security posture, which in reality means enhancing the protection, detection, and response. Throughout this book, you will learn about attack methods and patterns to recognize abnormal behavior within your organization with Blue Team tactics. You will also learn techniques to gather exploitation intelligence, identify risks, and demonstrate impact on Red and Blue Team strategies.

Who this book is for

For the IT professional venturing into the IT security domain, IT pentesters, security consultants, or those looking to perform ethical hacking. Prior knowledge of penetration testing is beneficial.

What this book covers

Chapter 1, Security Posture, defines what constitutes a secure posture and how it helps in understanding the importance of having a good defense and attack strategy.

Chapter 2, Incident Response Process, introduces the incident response process and the importance of having one. It goes over different industry standards and best practices for handling incident response.

Chapter 3, What is a Cyber Strategy?, explains what a cyber strategy is, why it's needed, and how an effective enterprise cyber strategy can be built.

Chapter 4, Understanding the Cybersecurity Kill Chain, prepares the reader to understand the mindset of an attacker, the different stages of the attack, and what usually takes place in each one of those phases.

Chapter 5, Reconnaissance, speaks about the different strategies to perform reconnaissance and how data is gathered to obtain information about the target for planning the attack.

Chapter 6, Compromising the System, shows current trends in strategies to compromise a system and explains how to compromise a system.

Chapter 7, Chasing a User's Identity, explains the importance of protecting the user's identity to avoid credential theft and goes through the process of hacking the user's identity.

Chapter 8, Lateral Movement, describes how attackers perform lateral movement once they compromise a system.

Chapter 9, Privilege Escalation, shows how attackers can escalate privileges in order to gain administrative access to a network system.

Chapter 10, Security Policy, focuses on the different aspects of the initial defense strategy, which starts with the importance of a well-crafted security policy and goes over the best practices for security policies, standards, security awareness training, and core security controls.

Chapter 11, Network Segmentation, looks into different aspects of defense in depth, covering physical network segmentation as well as the virtual and hybrid cloud.

Chapter 12, Active Sensors, details different types of network sensors that help the organizations to detect attacks.

Chapter 13, Threat Intelligence, speaks about the different aspects of threat intelligence from the community as well as from the major vendors.

Chapter 14, Investigating an Incident, goes over two case studies, for an on-premises compromised system and for a cloud-based compromised system, and shows all the steps involved in a security investigation.

Chapter 15, Recovery Process, focuses on the recovery process of a compromised system and explains how crucial it is to know all the options that are available since live recovery of a system is not possible in certain circumstances.

Chapter 16, Vulnerability Management, describes the importance of vulnerability management to mitigate vulnerability exploitation. It covers the current threat landscape and the growing number of ransomwares that exploit known vulnerabilities.

Chapter 17, Log Analysis, goes over the different techniques for manual log analysis since it is critical for the reader to gain knowledge on how to deeply analyze different types of logs to hunt suspicious security activities.

To get the most out of this book

We assume that the readers of this book know the basic information security concepts and are familiar with Windows and Linux operating systems.
Some of the demonstrations from this book can also be done in a lab environment; therefore, we recommend that you have a virtual lab with the following VMs: Windows Server 2012, Windows 10, and Kali Linux.

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://static.packt-cdn.com/downloads/9781838827793_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. For example; " You can use the agent.exe-h command to get help about the possible command options."

A block of code is set as follows:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing.
Event ID: 4688
Task Category: Process Creation

Any command-line input or output is written as follows:

Invoke-WebRequest-Uri "https://github.com/gentilkiwi/mimikatz/releases/download/2.1.1-20170813/mimikatz_trunk.zip"-OutFile "C:tempmimikatz_trunk.zip"

Bold: Indicates a new term, an important word, or words that you see on the screen, for example, in menus or dialog boxes, also appear in the text like this. For example: "In an incident response process, the roles and responsibilities are critical. Without the proper level of authority, the entire process is at risk."

Warnings or important notes appear like this.

Tips and tricks appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book we would be grateful if you would report this to us. Please visit, http://www.packt.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit http://authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packt.com.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Preface

Create new playlist

Sign In

Sign Up