Cybersecurity Attacks – Red Team Strategies
by Johann Rehberger
Table of Contents
Why subscribe?
Contributors
About the author
About the reviewers
Packt is searching for authors like you
Preface
A note about terminology
Who this book is for
What this book covers?
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Section 1: Embracing the Red
Chapter 1: Establishing an Offensive Security Program
Defining the mission – the devil's advocate
Getting leadership support
Convincing leadership with data
Convincing leadership with actions and results
Locating a red team in the organization chart
The road ahead for offensive security
Building a new program from scratch
Inheriting an existing program
People – meeting the red team crew
Penetration testers and why they are so awesome!
Offensive security engineering as a professional discipline
Strategic red teamers
Program management
Attracting and retaining talent
Diversity and inclusion
Morale and team identity
The reputation of the team
Providing different services to the organization
Security reviews and threat modeling support
Security assessments
Red team operations
Purple team operations
Tabletop exercises
Research and development
Predictive attack analysis and incident response support
Additional responsibilities of the offensive program
Security education and training
Increasing the security IQ of the organization
Gathering threat intelligence
Informing risk management groups and leadership
Integrating with engineering processes
I feel like I really know you – understanding the ethical aspects of red teaming
Training and education of the offensive security team
Policies – principles, rules, and standards
Principles to guide and rules to follow
Acting with purpose and being humble
Penetration testing is representative and not comprehensive
Pentesting is not a substitute for functional security testing
Letting pen testers explore
Informing risk management
Rules of engagement
Adjusting rules of engagement for operations
Geographical and jurisdictional areas of operation
Distribution of handout cards
Real versus simulated versus emulated adversaries
Production versus non-production systems
Avoiding becoming a pawn in political games
Standard operating procedure
Leveraging attack plans to track an operation
Mission objective – what are we setting out to achieve or demonstrate?
Stakeholders and their responsibilities
Codenames
Timelines and duration
Understanding the risks of penetration testing and authorization
Kick-off meeting
Deliverables
Notifying stakeholders
Attack plan during execution – tracking progress during an operation
Documenting activities
Wrapping up an operation
Overarching information sharing via dashboards
Contacting the pen test team and requesting services
Modeling the adversary
Understanding external adversaries
Considering insider threats
Motivating factors
Anatomy of a breach
Establishing a beachhead
Achieving the mission objective
Breaching web applications
Weak credentials
Lack of integrity and confidentiality
Cyber Kill Chain® by Lockheed Martin
Anatomy of a cloud service disaster
Modes of execution – surgical or carpet bombing
Surgical
Carpet bombing
Environment and office space
Open office versus closed office space
Securing the physical environment
Assemble the best teams as needed
Focusing on the task at hand
Summary
Questions
Chapter 2: Managing an Offensive Security Team
Understanding the rhythm of the business and planning Red Team operations
Planning cycles
Offsites
Encouraging diverse ideas and avoiding groupthink
Planning operations – focus on objectives
Planning operations – focus on assets
Planning operations – focus on vulnerabilities
Planning operations – focus on attack tactics, techniques, and procedures
Planning operations – focus on STRIDE
Managing and assessing the team
Regular 1:1s
Conveying bad news
Celebrating success and having fun
Management by walking around
Managing your leadership team
Managing yourself
Handling logistics, meetings, and staying on track
Team meetings
Working remotely
Continuous penetration testing
Continuous resource adjustment
Choosing your battles wisely
Getting support from external vendor companies
Growing as a team
Enabling new hires quickly
Excellence in everything
Offensive security test readiness
Building an attack lab
Leading and inspiring the team
For the best results – let them loose!
Leveraging homefield advantage
Finding a common goal between red, blue, and engineering teams
Getting caught! How to build a bridge
Learning from each other to improve
Threat hunting
Growing the purple team so that it's more effective
Offensive techniques and defensive countermeasures
Surrendering those attack machines!
Active defense, honeypots, and decoys
Protecting the pen tester
Performing continuous end-to-end test validation of the incident response pipeline
Combatting the normalization of deviance
Retaining a healthy adversarial view between red and blue teams
Disrupting the purple team
Summary
Questions
Chapter 3: Measuring an Offensive Security Program
Understanding the illusion of control
The road to maturity
Strategic red teaming across organizations
The risks of operating in cloak-and-dagger mode
Tracking findings and incidents
Repeatability
Automating red teaming activities to help defenders
Protecting information – securing red team findings
Measuring red team persistence over time
Tackling the fog of war
Threats – trees and graphs
Building conceptual graphs manually
Automating discovery and enabling exploration
Defining metrics and KPIs
Tracking the basic internal team commitments
Attack insight dashboards – exploring adversarial metrics
Red team scores
Tracking the severity of findings and measuring risks
Moving beyond ordinal scores
Using mean-time metrics
Experimenting with Monte Carlo simulations
Threat response matrix
Test Maturity Model integration (TMMi®) and red teaming
Level 2: Managed
Level 3: Defined
Level 4: Measured
Level 5: Optimized
Level 6: Illusion of control – the red team strikes back
MITRE ATT&CK™ Matrix
MITRE ATT&CK Navigator
Remembering what red teaming is about
Summary
Questions
Chapter 4: Progressive Red Teaming Operations
Exploring varieties of cyber operational engagements
Cryptocurrency mining
Mining cryptocurrency to demonstrate the financial impact – or when moon?
Red teaming for privacy
Getting started with privacy focused testing
Sending a virtual bill to internal teams
Red teaming the red team
Targeting the blue team
Leveraging the blue team's endpoint protection as C2
Social media and targeted advertising
Targeting telemetry collection to manipulate feature development
Attacking artificial intelligence and machine learning
Operation Vigilante – using the red team to fix things
Emulating real-world advanced persistent threats (APTs)
Performing tabletop exercises
Involving the leadership team in exercises
Summary
Questions
Section 2: Tactics and Techniques
Chapter 5: Situational Awareness – Mapping Out the Homefield Using Graph Databases
Understanding attack and knowledge graphs
Graph database basics
Nodes or vertices
Relationships or edges
Properties or values
Labels
Building the homefield graph using Neo4j
Exploring the Neo4j browser
Creating and querying information
Creating a node
Retrieving a node
Creating relationships between nodes
Indexing to improve performance
Deleting an object
Alternative ways to query graph databases
Summary
Questions
Chapter 6: Building a Comprehensive Knowledge Graph
Technical requirements
Case study – the fictional Shadow Bunny corporation
Employees and assets
Building out the graph
Creation of computer nodes
Adding relationships to reflect the administrators of machines
Configuring the query editor to allow multi-statement queries
Who uses which computer?
Mapping out the cloud!
Importing cloud assets
Creating an AWS IAM user
Leveraging AWS client tools to export data
Loading CSV data into the graph database
Loading CSV data and creating nodes and relationships
Grouping data
Adding more data to the knowledge graph
Active Directory
Blue team and IT data sources
Cloud assets
OSINT, threat intel, and vulnerability information
Address books and internal directory systems
Discovering the unknown and port scanning
Augmenting an existing graph or building one from scratch?
Summary
Questions
Chapter 7: Hunting for Credentials
Technical requirements
Clear text credentials and how to find them
Looking for common patterns to identify credentials
Retrieving stored Wi-Fi passwords on Windows
Tooling for automated credential discovery
Leveraging indexing techniques to find credentials
Using Sourcegraph to find secrets more efficiently
Searching for credentials using built-in OS file indexing
Indexing code and documents using Apache Lucene and Scour
Hunting for ciphertext and hashes
Hunting for ciphertext
Hunting for hashes
Summary
Questions
Chapter 8: Advanced Credential Hunting
Technical requirements
Understanding the Pass the Cookie technique
Credentials in process memory
Walkthrough of using ProcDump for Windows
Understanding Mimikittenz
Dumping process memory on Linux
Debugging processes and pivoting on macOS using LLDB
Using Mimikatz offline
Abusing logging and tracing to steal credentials and access tokens
Tracing the WinINet provider
Decrypting TLS traffic using TLS key logging
Searching log files for credentials and access tokens
Looking for sensitive information in command-line arguments
Using Task Manager and WMI on Windows to look at command-line arguments
Windows Credential Manager and macOS Keychain
Understanding and using Windows Credential Manager
Looking at the macOS Keychain
Using optical character recognition to find sensitive information in images
Exploiting the default credentials of local admin accounts
Phishing attacks and credential dialog spoofing
Spoofing a credential prompt using osascript on macOS
Spoofing a credential prompt via zenity on Linux
Spoofing a credential prompt with PowerShell on Windows
Credential dialog spoofing with JavaScript and HTML on the web
Using transparent relay proxies for phishing
Performing password spray attacks
Leveraging PowerShell to perform password spraying
Performing password spraying from macOS or Linux (bash implementation)
Summary
Questions
Chapter 9: Powerful Automation
Technical requirements
Understanding COM automation on Windows
Using COM automation for red teaming purposes
Achieving objectives by automating Microsoft Office
Automating sending emails via Outlook
Automating Microsoft Excel using COM
Searching through Office documents using COM automation
Windows PowerShell scripts for searching Office documents
Automating and remote controlling web browsers as an adversarial technique
Leveraging Internet Explorer during post-exploitation
Automating and remote controlling Google Chrome
Using Chrome remote debugging to spy on users!
Exploring Selenium for browser automation
Exfiltrating information via the browser
Summary
Questions
Chapter 10: Protecting the Pen Tester
Technical requirements
Locking down your machines (shields up)
Limiting the attack surface on Windows
Becoming stealthy on macOS and limiting the attack surface
Configuring the Uncomplicated Firewall on Ubuntu
Locking down SSH access
Considering Bluetooth threats
Keeping an eye on the administrators of your machines
Using a custom hosts file to send unwanted traffic into a sinkhole
Keeping a low profile on Office Delve, GSuites, and Facebook for Work
Securely deleting files and encrypting hard drives
Improving documentation with custom Hacker Shell prompts
Customizing Bash shell prompts
Customizing PowerShell prompts
Improving cmd.exe prompts
Automatically logging commands
Using Terminal multiplexers and exploring shell alternatives
Monitoring and alerting for logins and login attempts
Receiving notifications for logins on Linux by leveraging PAM
Notification alerts for logins on macOS
Alerting for logins on Windows
Summary
Questions
Chapter 11: Traps, Deceptions, and Honeypots
Technical requirements
Actively defending pen testing assets
Understanding and using Windows Audit ACLs
Configuring a file to be audited by Windows using SACLs
Triggering an audit event and changing the Windows Audit Policy
Notifications for file audit events on Windows
Sending notifications via email on Windows
Creating a Scheduled Task to launch the Sentinel monitor
Building a Homefield Sentinel – a basic Windows Service for defending hosts
Installing Visual Studio Community Edition and scaffolding a Windows Service
Adding basic functionality to the scaffold
Adding logging functionality to the service
Leveraging a configuration file to adjust settings
Adding an installer to the service
Uninstalling the Homefield Sentinel service
Monitoring access to honeypot files on Linux
Creating a honeypot RSA key file
Using inotifywait to gain basic information about access to a file
Leveraging auditd to help protect pen test machines
Notifications using event dispatching and custom audisp plugins
Alerting for suspicious file access on macOS
Leveraging fs_usage for quick and simple file access monitoring
Creating a LaunchDaemon to monitor access to decoy files
Observing the audit event stream of OpenBSM
Configuring OpenBSM for auditing read access to decoy files
Summary
Questions
Chapter 12: Blue Team Tactics for the Red Team
Understanding centralized monitoring solutions that blue teams leverage
Using osquery to gain insights and protect pen testing assets
Installing osquery on Ubuntu
Understanding the basics of osquery
Using osquery to monitor access to decoy files
Leveraging Filebeat, Elasticsearch, and Kibana
Running Elasticsearch using Docker
Installing Kibana to analyze log files
Configuring Filebeat to send logs to Elasticsearch
Alerting using Watcher
Summary
Questions
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Another Book You May Enjoy