Home Page Icon
Home Page
Table of Contents for
Cybersecurity: Attack and Defense Strategies
Close
Cybersecurity: Attack and Defense Strategies
by Erdal Ozkaya, Yuri Diogenes
Cybersecurity - Attack and Defense Strategies
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Security Posture
The current threat landscape
The credentials – authentication and authorization
Data
Cybersecurity challenges
Old techniques and broader results
The shift in the threat landscape
Enhancing your security posture
The Red and Blue Team
References
Summary
Incident response process
Reasons to have an IR process in place
Creating an incident response process
Incident response team
Incident life cycle
Handling an incident
Best practices to optimize incident handling
Post-incident activity
Real-world scenario
Lessons learned
Incident response in the cloud
Updating your IR process to include cloud
References
Summary
Understanding the Cybersecurity Kill Chain
External reconnaissance
Scanning
NMap
John the Ripper
Wireshark
Aircrack-ng
Nikto
Kismet
Cain and Abel
Access and privilege escalation
Horizontal privilege escalation
Exfiltration
Assault
Obfuscation
References
Summary
External reconnaissance
Dumpster diving
Social media
Social engineering
Pretexting
Phishing
Phone phishing (vishing)
Spear phishing
Water holing
Baiting
Quid pro quo
Tailgating
Internal reconnaissance
Sniffing and scanning
Prismdump
tcpdump
NMap
Wireshark
Scanrand
Nessus
Metasploit
Aircrack-ng
Wardriving
Conclusion of the reconnaissance chapter
References
Compromising the System
Analyzing current trends
Extortion attacks
Data manipulation attacks
Backdoors
Mobile device attacks
Hacking everyday devices
Phishing
Exploiting a vulnerability
Zero-day
Fuzzing
Source code analysis
Types of zero-day exploits
Structured exception handler overwrites
Performing the steps to compromise a system
Installing and using a vulnerability scanner
Using Metasploit
Compromising operating systems
Compromising systems using a Linux Live CD
Compromising systems using preinstalled applications
Compromising systems using Ophcrack
Compromising a remote system
Compromising web-based systems
SQL injection
Broken authentication
DDoS attacks
References
Summary
Chasing a User's Identity
Identity is the new perimeter
Strategies for compromising a user's identity
Gaining access to the network
Harvesting credentials
Hacking a user's identity
Brute force
Social engineering
Pass the hash
Other methods to hack identity
References
Summary
Lateral Movement
Infiltration
Network mapping
Avoiding alerts
Performing lateral movement
Port scans
Sysinternals
Remote Desktop
Windows Management Instrumentation
Scheduled tasks
Token stealing
Pass-the-hash
Remote Registry
Breached host analysis
Central administrator consoles
Email pillaging
Summary
Privilege Escalation
Infiltration
Horizontal privilege escalation
Vertical privilege escalation
Avoiding alerts
Performing privilege escalation
Exploiting unpatched operating systems
Access token manipulation
Exploiting accessibility features
Application shimming
DLL injection
DLL search order hijacking
Dylib hijacking
Exploration of vulnerabilities
Launch daemon
Conclusion and lessons learned
References
Summary
Security Policy
Educating the end user
Social media security guidelines for users
Security awareness training
Application whitelisting
Hardening
Monitoring for compliance
References
Summary
Network Segmentation
Defense in depth approach
Infrastructure and services
Documents in transit
Endpoints
Physical network segmentation
Discovering your network
Securing remote access to the network
Site-to-site VPN
Virtual network segmentation
Hybrid cloud network security
References
Summary
Active Sensors
Detection capabilities
Indicators of compromise
Intrusion detection systems
Intrusion prevention system
Rule-based detection
Anomaly-based detection
Behavior analytics on-premises
Device placement
Behavior analytics in a hybrid cloud
Azure Security Center
References
Summary
Introduction to threat intelligence
Open source tools for threat intelligence
Microsoft threat intelligence
Azure Security Center
Leveraging threat intelligence to investigate suspicious activity
References
Summary
Investigating an Incident
Scoping the issue
Key artifacts
Investigating a compromised system on-premises
Investigating a compromised system in a hybrid cloud
Search and you shall find it
Lessons learned
References
Summary
Recovery Process
Disaster recovery plan
The disaster recovery planning process
Forming a disaster recovery team
Performing risk assessment
Prioritizing processes and operations
Determining recovery strategies
Collecting data
Creating the disaster recovery plan
Testing the plan
Obtaining approval
Maintaining the plan
Challenges
Live recovery
Contingency planning
IT contingency planning process
Development of the contingency planning policy
Conducting business impact analysis
Identifying the critical IT resources
Identifying disruption impacts
Identifying the preventive controls
Developing recovery strategies
Backups
Equipment replacement
Plan testing, training, and exercising
Plan maintenance
Best practices for recovery
References
Summary
Vulnerability Management
Creating a vulnerability management strategy
Asset inventory
Information management
Scope
Collecting data
Analysis of policies and procedures
Threat analysis
Analysis of acceptable risks
Vulnerability assessment
Reporting and remediation tracking
Response planning
Vulnerability management tools
Asset inventory tools
Peregrine tools
LANDesk Management Suite
StillSecure
Information management tools
Risk assessment tools
Vulnerability assessment tools
Reporting and remediation tracking tools
Response planning tools
Implementation of vulnerability management
Best practices for vulnerability management
Implementing vulnerability management with Nessus
Flexera (Secunia) Personal Software Inspector
Conclusion
References
Summary
Log Analysis
Data correlation
Operating system logs
Windows logs
Linux logs
Firewall logs
Web server logs
References
Summary
Leave a review - let other readers know what you think
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Next
Next Chapter
Title Page
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset