Cybersecurity Attacks – Red Team Strategies
A practical guide to building a penetration testing program having homefield advantage
Johann Rehberger
BIRMINGHAM—MUMBAI
Cybersecurity Attacks – Red Team Strategies
Copyright © 2020 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Vijin Boricha
Acquisition Editor: Meeta Rajani
Senior Editor: Arun Nadar
Content Development Editor: Pratik Andrade
Technical Editor: Prachi Sawant
Copy Editor: Safis Editing
Project Coordinator: Vaidehi Sawant
Proofreader: Safis Editing
Indexer: Rekha Nair
Production Designer: Jyoti Chauhan
First published: March 2020
Production reference: 1270320
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-83882-886-8
www.packt.com
Packt.com
Subscribe to our online digital library for full access to over 7,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
Why subscribe?
- Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
- Improve your learning with Skill Plans built especially for you
- Get a free eBook or video every month
- Fully searchable for easy access to vital information
- Copy and paste, print, and bookmark content
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
Contributors
About the author
Johann Rehberger has over fifteen years of experience in threat analysis, threat modeling, risk management, penetration testing, and red teaming. As part of his many years at Microsoft, Johann established a penetration test team in Azure Data and led the program as Principal Security Engineering Manager. Recently, he built out a red team at Uber and currently works as an independent security and software engineer. Johann is well versed in analysis, design, implementation, and testing of software systems. Additionally, he enjoys providing training and was an instructor for ethical hacking at the University of Washington. Johann contributed to the MITRE ATT&CK framework and holds a master's in computer security from the University of Liverpool.
About the reviewers
Massimo Bozza is a passionate information security practitioner, researcher, speaker, and lecturer. He holds a master's in electronic engineering from University La Sapienza of Rome, with years of experience in penetration testing, vulnerability assessments, surveillance and monitoring solutions, embedded devices, and RF hacking. He is currently employed as a red team manager at one of the largest online fashion retail groups, shaping new strategies to fight and simulate cyber adversaries.
Christopher Cottrell has over ten years' experience in the cybersecurity field. His technical experience includes red team operations, hunt teaming, application security, and DevOps practices. He utilizes his experience as a red team adversary to strengthen the cybersecurity maturity of organizations while also bringing a unique perspective to executive decision-makers. He heads the red team and application security verticals at 2U, Inc. In this role, he leads red team campaigns that test and verify security controls that support business requirements. He ensures that application security practices secure critical code for 2U and uses his team to provide live and static assessments on applications. He is an advocate for cybersecurity as a trade skill and always looking for new and innovative ways to bring talent into the field. He is currently spearheading an initiative at 2U to provide a path into red teaming for those who have a great interest in the discipline but no direct pathway into the field. Christopher can be reached on Twitter @icebearfriend, or on LinkedIn.
Christopher Gibson is a Senior Manager in the Product Security team at Citrix, tasked with leading the internal Red Team. His areas of focus include security architecture, penetration testing, application security, incident response, digital forensics, and consulting with business units to reduce their cybersecurity risk. He holds the Offensive Security Certified Professional (OSCP) and the GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) certifications among other security and IT certifications.
Packt is searching for authors like you
If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.