Book Image

Adversarial Tradecraft in Cybersecurity

By : Dan Borges
Book Image

Adversarial Tradecraft in Cybersecurity

By: Dan Borges

Overview of this book

Little has been written about what to do when live hackers are on your system and running amok. Even experienced hackers tend to choke up when they realize the network defender has caught them and is zoning in on their implants in real time. This book will provide tips and tricks all along the kill chain of an attack, showing where hackers can have the upper hand in a live conflict and how defenders can outsmart them in this adversarial game of computer cat and mouse. This book contains two subsections in each chapter, specifically focusing on the offensive and defensive teams. It begins by introducing you to adversarial operations and principles of computer conflict where you will explore the core principles of deception, humanity, economy, and more about human-on-human conflicts. Additionally, you will understand everything from planning to setting up infrastructure and tooling that both sides should have in place. Throughout this book, you will learn how to gain an advantage over opponents by disappearing from what they can detect. You will further understand how to blend in, uncover other actors’ motivations and means, and learn to tamper with them to hinder their ability to detect your presence. Finally, you will learn how to gain an advantage through advanced research and thoughtfully concluding an operation. By the end of this book, you will have achieved a solid understanding of cyberattacks from both an attacker’s and a defender’s perspective.

Related Content you might be interested in

Current Title:

Small book image
Adversarial Tradecraft in Cybersecurity
Dan Borges
Jun, 2021 | 246 pages
Small book image
Purple Team Strategies
Simon Thoores | David Routin | Samuel Rossier
Jun, 2022 | 450 pages
Small book image
Cybersecurity Attacks – Red Team Strategies
Johann Rehberger
Mar, 2020 | 524 pages
Small book image
Malware Analysis Techniques
Dylan Barker
Jun, 2021 | 282 pages
Table of Contents (11 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
1
Theory on Adversarial Operations and Principles of Computer Conflict
Theory on Adversarial Operations and Principles of Computer Conflict
Adversarial theory
Principles of computer conflict
Summary
References
Free Chapter
2
Preparing for Battle
Preparing for Battle
Essential considerations
Defensive perspective
Offensive perspective
Summary
References
3
Invisible is Best (Operating in Memory)
Invisible is Best (Operating in Memory)
Gaining the advantage
Offensive perspective
Defensive perspective
Summary
References
4
Blending In
Blending In
Offensive perspective
Defensive perspective
Summary
References
5
Active Manipulation
Active Manipulation
Offensive perspective
Defensive perspective
Summary
References
6
Real-Time Conflict
Real-Time Conflict
Offensive perspective
Defensive perspective
Summary
References
7
The Research Advantage
The Research Advantage
Gaming the game
Offensive perspective
Defensive perspective
Summary
References
8
Clearing the Field
Clearing the Field
Offensive perspective
Defensive perspective
Summary
References
9
Other Books You May Enjoy
Other Books You May Enjoy
10
Index
Index

To get the most out of this book

  • This book is designed to prepare cybersecurity practitioners for a real engagement or an attack and defense competition.
  • If you want to try any of the exploits or techniques in a lab setting, I recommend setting up VirtualBox with Kali Linux and Metasploitable 3.
  • Readers should be familiar with basic security assessment and hardening techniques, such as known vulnerability identification and patching.
  • Readers will also encounter a wide variety of languages in this book, such as Bash, PowerShell, Python, Ruby, and Go. Readers are encouraged to play with these programs and languages on their own, and to google language-specific operators they are unsure about.

Download the example code files

You can download the example code files for this book from: https://github.com/PacktPublishing/Adversarial-Tradecraft-in-Cybersecurity.

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://static.packt-cdn.com/downloads/9781801076203_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, and user input. For example, "Just make sure after you compile the older version of Nmap that you move it to its proper location in /usr/local/share/nmap/."

Italics: Indicates an important author, larger work, or emphasis on a particular point in the text. For example, "The logic for this largely comes from Jeff McJunkin's blog post where he explores ways to speed up large Nmap scans."

Bold: Indicates an important concept, important words, or principles that will be referenced more throughout the text. Bold is also used to highlight callbacks later to enforce the emphasis from a previous mention. For example, "Confidentiality is the ability to keep communications secret."

A block of code is set as follows:

  //Prep vars
  logFile := "log.txt";
  hostName, _ := os.Hostname();
  user, _ := user.Current();
  programName := os.Args[0];

Any command-line input or output is written as follows:

$ sudo tcpdump -i eth0 -tttt -s 0 -w outfile.pcap

The following symbols represent different command-line context:

  • $ for user level access on a Linux system
  • # for root level access on a Linux system
  • > for an Administrative Windows command prompt

Warnings or important notes appear like this.

Previous Section
Next Section