Figure Credits

Cover image Sdecoret/Shutterstock

Figure 1-1, video posted by Anonymous on YouTube © 2020 Scripps Media, Inc

Figure 1-18, part of the MITRE ATT&CK matrix for Enterprise © 2015–2021, The MITRE Corporation

Figure 1-19, chaining together attack behavior using ATT&CK modeling © 2015–2021, The MITRE Corporation

Figure 2-5, Rapid7’s Nexpose Vulnerability Scanner © Rapid7

Figure 2-6, Cisco Firepower passive vulnerability data © Cisco Systems

Figure 2-7, Cisco reputation block page © Cisco Systems

Figure 2-8, Google’s reputation warning banner © 2020 Google

Figure 2-13, raised floor tile courtesy of Alibaba.com

Figure 2-14, sample SOC layout courtesy of Cisco Systems

Figure 2-26, Figure 5-16, SPLUNK Dashboard example © 2005–2020 Splunk, Inc

Figure 2-27, QRadar Dashboard example © IBM Corporation 1994, 2020

Figure 3-8, Tenable.sc vulnerability tracking © 2020 Tenable, Inc.

Figure 3-9, OpenVAS GUI example © Greenbone Networks 2020

Figure 3-11, MITRE ATT&CK Framework © 2015–2020, The MITRE Corporation

Figure 3-12, Atomic Red Team website © 2014–2020 Red Canary

Figure 3-13, Atomic Red Team example for Windows © 2015–2020, The MITRE Corporation

Figure 3-14, Kali Linux Tool Categories © OffSec Services Limited 2020

Figure 3-15, searching Metasploit for Adobe vulnerabilities © Rapid7

Figure 3-20, Incident Response Consortium Playbooks © 2019 Incident Response Consortium

Figure 3-21, Malware Outbreak Playbook © 2019 Incident Response Consortium

Figure 3-22, diagram about hidden extensions © Microsoft 2020

Figure 3-24, Peframe analyzing a packed file © Microsoft 2020

Figure 3-26, using SET to clone Gmail © 2020 by TrustedSec

Figure 3-27, cloned Gmail website © 2020 Google

Figure 5-2, poorly parsed log within Splunk © 2005–2020 Splunk, Inc

Figure 5-3, Windows Event Log © Microsoft 2020

Figure 5-5, Splunk customized dashboard example © 2005–2020 Splunk, Inc

Figure 5-7, Splunk data input options © 2005–2020 Splunk, Inc

Figure 5-8, Cisco Stealthwatch configured to syslog data to Splunk © Cisco Systems

Figure 5-9, using default parsing template within SMC © Cisco Systems

Figure 5-10, results from poorly formatted Syslog © 2005–2020 Splunk, Inc

Figure 5-11, using custom syslog template in SMC © Cisco Systems

Figure 5-12, converting syslog data into reports and widgets © Cisco Systems

Figure 5-13, IBM QRadar search screen © IBM Corporation 1994, 2020

Figure 5-14, searching for data exfiltration in IBM QRadar © IBM Corporation 1994, 2020

Figure 5-15, IBM QRadar dashboard example © IBM Corporation 1994, 2020

Figure 5-17, Stealthwatch application within Splunk © 2005–2020 Splunk, Inc

Figure 5-18, IBM QRadar asset and vulnerability management example © IBM Corporation 1994, 2020

Figure 5-21, Firepower leveraging Rapid7 vulnerability data © Cisco Systems

Figure 5-25, Cisco Umbrella big data results example © Cisco Systems

Figure 6-1, Incident Response Consortium Playbook options © 2019 Incident Response Consortium

Figure 6-7, various Apache Struts exploits in Metasploit © 2020 The Apache Software Foundation

Figure 6-8, using Armitage to exploit a struts vulnerability © 2020 The Apache Software Foundation

Figure 7-2, Sophos threat prevalence usage example © 1997–2020 Sophos Ltd

Figure 7-3, example of Splunk not correctly processing threat data © 2005–2020 Splunk, Inc

Figure 7-5, Google Alerts example © 2020 Google

Figure 7-6, Google Chrome Scraper collecting hashes from the Cisco Talos blog © 2020 Cisco Systems, Inc

Figure 7-7, Twitter threat data behavior examples © 2020 Trend Micro Incorporated

Figure 8-2, Incident Response Consortium malware outbreak playbook example © 2019 Incident Response Consortium

Figure 8-4, opening a new incident ticket in Cisco SecureX © 2020 Cisco Systems, Inc

Figure 8-5, example of new case © 2020 Cisco Systems, Inc

Figure 8-7, Cisco AMP indicators of compromise example © 2020 Cisco Systems, Inc

Figure 8-8, hidden extension example © Microsoft 2020

Figure 8-10, TrIDNET Free File Analysis tool © Marco Pontello

Figure 8-17, Ghidra Disassembler viewing WannaCry ransomware kill switch © Lazarus Group

Figure 8-18, example of using Joe Sandbox for malware analysis © Lazarus Group

Figure 8-19, Cisco Stealthwatch identifying threats based on NetFlow © 2020 Cisco Systems, Inc

Figure 8-20, threat hunting maturity model © 2016–20 Sqrrl Fintech Private Limited

Figure 8-21, Cisco threat response analyzing success20.hopto.org © 2020 Cisco Systems, Inc

Figure 8-25, IRC Malware Outbreak playbook eradicate step © 2019 Incident Response Consortium

Figure 8-26, IRC Data Theft playbook eradicate step © 2019 Incident Response Consortium

Figure 8-27, IRC Malware Outbreak playbook recover step © 2019 Incident Response Consortium

Figure 8-29, Chain of Custody documentation bag example courtesy of Cisco Systems

Figure 8-30, Autopsy main page © 2003–2020 Brian Carrier

Figure 8-31, Autopsy usage example © 2003–2020 Brian Carrier

Figure 8-40, Lessons Learned Meeting Agenda template example © Template.net

Figure 8-42, template for documenting parties involved © 2002–2020 Blackboard, Inc.

Figure 9-4, screenshot of Struts vulnerability example © 2020 Cisco Systems, Inc

Figure 9-5, screenshot of CVSS v2 base score calculator © National Institute of Standards and Technology

Figure 9-6, screenshot of CVSS temporal and environmental calculators © National Institute of Standards and Technology

Figure 9-7, screenshot of Struts CVSSv2 example © National Institute of Standards and Technology

Figure 9-8, screenshot of CVSS v3 base score metrics © National Institute of Standards and Technology

Figure 9-9, screenshot of Struts CVSS v3 example © National Institute of Standards and Technology

Figure 9-10, screenshot of Struts CVE-2017-9793 resource example © National Institute of Standards and Technology

Figure 9-11, screenshot of Struts vulnerability shown in Rapid7’s Nexpose © Rapid7

Figure 9-12, screenshot of Rapid7 Nexpose dashboard © Rapid7

Figure 9-13, screenshot of passive vulnerability scanning example © 2020 Cisco Systems, Inc

Figure 9-14, screenshot of OpenVAS example © blackMORE Ops

Figure 9-17, screenshot of Certero dashboard example © 2007–2020 Certero

Figure 9-18, screenshot of network access control asset list example © 2020 Cisco Systems, Inc

Figure 9-19, screenshot of Zenmap © nmap.org

Figure 9-20, screenshot of Cisco Firepower tuning with vulnerability data © 2020 Cisco Systems, Inc

Figure 9-25, screenshot of Rapid7 Nexpose automated actions configuration example © Rapid7

Figure 9-26, screenshot of Nexpose Asset dashboard © Rapid7

Figure 9-28, screenshot of Cisco Firepower Apache Struts rules © 2020 Cisco Systems, Inc

Figure 10-2, screenshot of Splunk Phantom main dashboard example © 2005–2020 Splunk, Inc

Figure 10-3, screenshot of Splunk Phantom case management dashboard example © 2005–2020 Splunk, Inc

Figure 10-4, screenshot of Splunk Phantom Playbook template list example © 2005–2020 Splunk, Inc

Figure 10-5, screenshot of high-level Splunk Phantom Playbook example © 2005–2020 Splunk, Inc

Figure 10-6, screenshot of zoomed-in Phantom Playbook example © 2005–2020 Splunk, Inc

Figure 10-7, screenshot of phantom example of DevOps coding © 2005–2020 Splunk, Inc

Figure 10-8, screenshot of CrowdStrike Falcon dashboard example © 2020 CrowdStrike

Figure 10-9, screenshot of Falcon event graph example © 2020 CrowdStrike

Figure 10-10, screenshot of CrowdStrike Falcon example of event details © 2020 CrowdStrike

Figure 10-13, screenshot of IRC’s Prepare playbook for malware outbreak © 2019 Incident Response Consortium

Figure 10-14, screenshot of IRC’s Analyze playbook for malware outbreak © 2019 Incident Response Consortium

Figure 10-16, screenshot of Cisco ISE configured with Rapid7 Nexpose example © 2020 Cisco Systems, Inc

Figure 10-17, screenshot of Cisco Firepower configuration rule example © 2020 Cisco Systems, Inc

Figure 10-18, screenshot of Cisco SecureX orchestration example © 2020 Cisco Systems, Inc

Figure 10-19, screenshot of example workflow validation and run options © 2020 Cisco Systems, Inc

Figure 10-20, screenshot of Splunk Phantom workflow execution example © 2005–2020 Splunk, Inc

Figure 10-24, screenshot of new installation of MediaWiki © 2020 Cisco Systems, Inc

Figure 10-31, screenshot of Cisco Engineering and Software certification programs © 2020 Cisco Systems, Inc

Figure 10-32, screenshot of Cisco DevNet Sandbox Lab catalog of free labs © 2020 Cisco Systems, Inc

Figure 10-33, screenshot of Postman dashboard © 2020 Postman, Inc

Figure 10-34, screenshot of configuring Postman to communicate with a Cisco router © 2020 Postman, Inc

Figure 10-35, screenshot of configuration pulled into Postman example © 2020 Postman, Inc

Figure 11-5, Cisco SD-WAN dashboard example © 2020 Cisco Systems, Inc

Black and white portrait of fortune-teller with crystal ball © Aniriana/Shutterstock

Figure 11-9, article about the “Emily Williams” penetration test © 2020 Reed Exhibitions Ltd

Fortune Teller with Crystal ball © Pete Saloutos/Shutterstock

Figure 11-10, lab guide converted to Moodle © 2020 Cisco Systems, Inc

Figure 11-11, Khan Academy dashboard © 2020 Khan Academy

Woman fortuneteller with crystal ball in darkness © Konstantin Shevtsov/123rf.com

Seer working over glowing crystal ball © Phil McDonald/Shutterstock

Figure 11-22, Cisco DevNet Sandbox catalog of free DevOps labs © 2020 Cisco Systems, Inc
