Cybersecurity – Attack and Defense Strategies: Improve your security posture to mitigate risks and prevent attackers from infiltrating your system, 3rd Edition
- Length: 689 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2022-10-11
- ISBN-10: 1803248777
- ISBN-13: 9781803248776
- Sales Rank: #1447309
Updated edition of the bestselling guide for planning attack and defense strategies based on the current threat landscape
Key Features
- Updated for ransomware prevention, security posture management in multi-cloud, Microsoft Defender for Cloud, MITRE ATT&CK Framework, and more
- Explore the latest tools for ethical hacking, pentesting, and Red/Blue teaming
- Includes recent real-world examples to illustrate the best practices to improve security posture
Book Description
Cybersecurity – Attack and Defense Strategies, Third Edition will bring you up to speed with the key aspects of threat assessment and security hygiene, the current threat landscape and its challenges, and how to maintain a strong security posture.
In this carefully revised new edition, you will learn about the Zero Trust approach and the initial Incident Response process. You will gradually become familiar with Red Team tactics, where you will learn basic syntax for commonly used tools to perform the necessary operations. You will also learn how to apply newer Red Team techniques with powerful tools. Simultaneously, Blue Team tactics are introduced to help you defend your system from complex cyber-attacks. This book provides a clear, in-depth understanding of attack/defense methods as well as patterns to recognize irregular behavior within your organization. Finally, you will learn how to analyze your network and address malware, while becoming familiar with mitigation and threat detection techniques.
By the end of this cybersecurity book, you will have discovered the latest tools to enhance the security of your system, learned about the security controls you need, and understood how to carry out each step of the incident response process.
What you will learn
- Learn to mitigate, recover from, and prevent future cybersecurity events
- Understand security hygiene and the value of prioritizing protection of your workloads
- Explore physical and virtual network segmentation, cloud network visibility, and Zero Trust considerations
- Adopt new methods to gather cyber intelligence, identify risk, and demonstrate impact with Red/Blue Team strategies
- Explore legendary tools such as Nmap and Metasploit to supercharge your Red Team
- Discover identity security and how to perform policy enforcement
- Integrate threat detection systems into your SIEM solutions
- Discover the MITRE ATT&CK Framework and open-source tools to gather intelligence
Who This Book Is For
If you are an IT security professional who wants to venture deeper into cybersecurity domains, this book is for you. Cloud security administrators, IT pentesters, security consultants, and ethical hackers will also find this book useful. Basic understanding of operating systems, computer networking, and web applications will be helpful.
Table of Contents
- 1. Security Posture: Why security hygiene should be your number one priority; The current threat landscape; Supply chain attacks; Ransomware; The credentials – authentication and authorization; Apps; Data; Cybersecurity challenges; Old techniques and broader results; The shift in the threat landscape; Enhancing your security posture; Zero Trust; Cloud Security Posture Management; Multi-cloud; The Red and Blue Teams; Assume breach; Summary; References
- 2. Incident Response Process: The incident response process; Reasons to have an IR process in place; Creating an incident response process; Incident response team; Incident life cycle; Handling an incident; Incident handling checklist; Post-incident activity; Real-world scenario 1; Lessons learned for scenario 1; Real-world scenario 2; Lessons learned for scenario 2; Considerations for incident response in the cloud; Updating your IR process to include the cloud; Appropriate toolset; IR process from the Cloud Solution Provider (CSP) perspective; Summary; References
- 3. What is a Cyber Strategy?: How to build a cyber strategy; 1 – Understand the business; 2 – Understand the threats and risks; 3 – Proper documentation; Why do we need to build a cyber strategy?; Best cyber-attack strategies; External testing strategies; Internal testing strategies; Blind testing strategy; Targeted testing strategy; Best cyber defense strategies; Defense in depth; Defense in breadth; Benefits of having a proactive cyber-security strategy; Top cyber-security strategies for businesses; Training employees about security principles; Protecting networks, information, and computers from viruses, malicious code, and spyware; Having firewall security for all internet connections; Using software updates; Using backup copies; Implementing physical restrictions; Securing Wi-Fi networks; Changing passwords; Limiting access for employees; Using unique user accounts; Conclusion; Further reading
- 4. Understanding the Cybersecurity Kill Chain: Understanding the Cyber Kill Chain; Reconnaissance; Weaponization; Delivery; Exploitation; Installation; Command and Control; Actions on Objectives; Obfuscation; Security controls used to stop the Cyber Kill Chain; Use of UEBA; Security awareness; Threat life cycle management; Forensic data collection; Discovery; Qualification; Investigation; Neutralization; Recovery; Concerns about the Cybersecurity Kill Chain; How the Cyber Kill Chain has evolved; Tools used during the Cyber Kill Chain; Metasploit; Twint; Nikto; Kismet; Sparta; John the Ripper; Hydra; Aircrack-ng; Airgeddon; Deauther Board; HoboCopy; EvilOSX; Comodo AEP via Dragon Platform; Preparation phase; Intrusion phase; Active Breach phase; Summary; Further Reading; References
- 5. Reconnaissance: External reconnaissance; Scanning a target's social media; Dumpster diving; Social engineering; Internal reconnaissance; Tools used for reconnaissance; External reconnaissance tools; Internal reconnaissance tools; Airgraph-ng; Wardriving; Hak5 Plunder Bug; Passive vs active reconnaissance; How to combat reconnaissance; How to prevent reconnaissance; Summary; References
- 6. Compromising the System: Analyzing current trends; Extortion attacks; Data manipulation attacks; IoT device attacks; Backdoors; Hacking everyday devices; Hacking the cloud; Phishing; Zero-day; Performing the steps to compromise a system; Mobile Phone (iOS / Android Attacks); Exodus; SensorID; iPhone hack by Cellebrite; Man-in-the-disk; Spearphone (Loudspeaker data capture on Android); Tap n Ghost; Red and Blue Team Tools for Mobile Devices; Summary; Further reading
- 7. Chasing a User's Identity: Identity is the new perimeter; Credentials and automation; Strategies for compromising a user's identity; Gaining access to the network; Harvesting credentials; Hacking a user's identity; Brute force; Social engineering; Pass the hash; Identity theft through mobile devices; Other methods for hacking an identity; Summary; References
- 8. Lateral Movement: Infiltration; Network mapping; Scan, close/block, and fix; Blocking and slowing down; Detecting Nmap scans; Use of clever tricks; Performing lateral movement; Stage 1 – User Compromised (User Action); Stage 2 – Workstation Admin Access (User = Admin); Think like a hacker; Avoiding alerts; Port scans; Sysinternals; File shares; Windows DCOM; Remote Desktop; PowerShell; Windows Management Instrumentation; Scheduled tasks; Token stealing; Stolen credentials; Removable media; Tainted shared content; Remote Registry; TeamViewer; Application deployment; Network sniffing; ARP spoofing; AppleScript and IPC (OSX); Breached host analysis; Central administrator consoles; Email pillaging; Active Directory; Admin shares; Pass the Ticket; Pass-the-hash (PtH); WinLogon; Lsass.exe process; Summary; Further Reading; References
- 9. Privilege Escalation: Infiltration; Avoiding alerts; Performing privilege escalation; Dumping the SAM file; Rooting Android; Using the /etc/passwd file; Extra window memory injection; Hooking; Scheduled tasks; New services; Startup items; Sudo caching; Conclusion and lessons learned; Summary; References
- 10. Security Policy: Reviewing your security policy; Shift-left approach; Educating the end user; Social media security guidelines for users; Security awareness training; Policy enforcement; Policies in the cloud; Application whitelisting; Hardening; Monitoring for compliance; Automations; Continuously driving security posture enhancement via a security policy; Summary; References
- 11. Network Security: The defense-in-depth approach; Infrastructure and services; Documents in transit; Endpoints; Microsegmentation; Physical network segmentation; Discovering your network with a network mapping tool; Securing remote access to the network; Site-to-site VPN; Virtual network segmentation; Zero trust network; Planning zero trust network adoption; Hybrid cloud network security; Cloud network visibility; Summary; Reference
- 12. Active Sensors: Detection capabilities; Indicators of compromise; Intrusion detection systems; Intrusion prevention system; Rule-based detection; Anomaly-based detection; Behavior analytics on-premises; Device placement; Behavior analytics in a hybrid cloud; Microsoft Defender for Cloud; Analytics for PaaS workloads; Summary; References
- 13. Threat Intelligence: Introduction to threat intelligence; Open-source tools for threat intelligence; Free threat intelligence feeds; Using MITRE ATT&CK; Microsoft threat intelligence; Microsoft Sentinel; Summary; References
- 14. Investigating an Incident: Scoping the issue; Key artifacts; Investigating a compromised system on-premises; Investigating a compromised system in a hybrid cloud; Integrating Defender for Cloud with your SIEM for investigation; Proactive investigation (threat hunting); Lessons learned; Summary; References
- 15. Recovery Process: Disaster recovery plan; Live recovery; Contingency planning; Business Continuity Plan; Summary; Further reading; Resources for DR planning
- 16. Vulnerability Management: Creating a vulnerability management strategy; Asset inventory; Information management; Risk assessment; Vulnerability assessment; Reporting and remediation tracking; Response planning; Vulnerability management tools; Implementation of vulnerability management; Elements of a vulnerability strategy; Differences between vulnerability management and vulnerability assessment; Best practices for vulnerability management; Vulnerability strategy examples; Vulnerability management tools; Intruder; Patch Manager Plus; Windows Server Update Services (WSUS); Comodo Dragon Platform; InsightVM; Azure Threat & Vulnerability Management; Implementing vulnerability management with Nessus; OpenVAS; Qualys; Acunetix; Conclusion; Summary; Further Reading
- 17. Log Analysis: Data correlation; Operating system logs; Windows logs; Linux logs; Firewall logs; Web server logs; Amazon Web Services (AWS) logs; Accessing AWS logs from Microsoft Sentinel; Azure Activity logs; Accessing Azure Activity logs from Microsoft Sentinel; Google Cloud Platform logs; Summary; References
How to download the source code?
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search for the book title: Cybersecurity – Attack and Defense Strategies: Improve your security posture to mitigate risks and prevent attackers from infiltrating your system, 3rd Edition. If you do not get any results, search for the main title only.
3. Click the book title in the search results.
4. Click Code to download.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click the download link.
4. The link leads to the download server, from which you can download the file.