Book Image

Cybersecurity – Attack and Defense Strategies - Third Edition

By : Yuri Diogenes, Dr. Erdal Ozkaya
5 (2)
Book Image

Cybersecurity – Attack and Defense Strategies - Third Edition

5 (2)
By: Yuri Diogenes, Dr. Erdal Ozkaya

Overview of this book

Cybersecurity – Attack and Defense Strategies, Third Edition will bring you up to speed with the key aspects of threat assessment and security hygiene, the current threat landscape and its challenges, and how to maintain a strong security posture. In this carefully revised new edition, you will learn about the Zero Trust approach and the initial Incident Response process. You will gradually become familiar with Red Team tactics, where you will learn basic syntax for commonly used tools to perform the necessary operations. You will also learn how to apply newer Red Team techniques with powerful tools. Simultaneously, Blue Team tactics are introduced to help you defend your system from complex cyber-attacks. This book provides a clear, in-depth understanding of attack/defense methods as well as patterns to recognize irregular behavior within your organization. Finally, you will learn how to analyze your network and address malware, while becoming familiar with mitigation and threat detection techniques. By the end of this cybersecurity book, you will have discovered the latest tools to enhance the security of your system, learned about the security controls you need, and understood how to carry out each step of the incident response process.

Related Content you might be interested in

Current Title:

Small book image
Cybersecurity – Attack and Defense Strategies - Third Edition
Yuri Diogenes | Dr. Erdal Ozkaya
Sep, 2022 | 570 pages
Small book image
Incident Response in the Age of Cloud
Erdal Ozkaya
Feb, 2021 | 622 pages
Small book image
Hands-On Cybersecurity for Finance
Erdal Ozkaya | Milad Aslaner
Jan, 2019 | 308 pages
Small book image
Cybersecurity Leadership Demystified
Erdal Ozkaya
Jan, 2022 | 274 pages
Table of Contents (20 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
1
Security Posture
Security Posture
Why security hygiene should be your number one priority
The current threat landscape
Cybersecurity challenges
Enhancing your security posture
The Red and Blue Teams
Summary
References
Free Chapter
2
Incident Response Process
Incident Response Process
The incident response process
Handling an incident
Post-incident activity
Considerations for incident response in the cloud
Summary
References
3
What is a Cyber Strategy?
What is a Cyber Strategy?
How to build a cyber strategy
Why do we need to build a cyber strategy?
Best cyber attack strategies
Best cyber defense strategies
Benefits of having a proactive cybersecurity strategy
Top cybersecurity strategies for businesses
Conclusion
Further reading
4
Understanding the Cybersecurity Kill Chain
Understanding the Cybersecurity Kill Chain
Understanding the Cyber Kill Chain
Security controls used to stop the Cyber Kill Chain
Threat life cycle management
Concerns about the Cybersecurity Kill Chain
How the Cyber Kill Chain has evolved
Tools used during the Cyber Kill Chain
Comodo AEP via Dragon Platform
Summary
Further reading
References
5
Reconnaissance
Reconnaissance
External reconnaissance
Internal reconnaissance
Tools used for reconnaissance
Passive vs. active reconnaissance
How to combat reconnaissance
How to prevent reconnaissance
Summary
References
6
Compromising the System
Compromising the System
Analyzing current trends
Performing the steps to compromise a system
Mobile phone (iOS/Android) attacks
Summary
Further reading
References
7
Chasing a User’s Identity
Chasing a User’s Identity
Identity is the new perimeter
Strategies for compromising a user’s identity
Summary
References
8
Lateral Movement
Lateral Movement
Infiltration
Network mapping
Performing lateral movement
Summary
Further reading
References
9
Privilege Escalation
Privilege Escalation
Infiltration
Summary
References
10
Security Policy
Security Policy
Reviewing your security policy
Educating the end user
Policy enforcement
Monitoring for compliance
Continuously driving security posture enhancement via security policy
Summary
References
11
Network Security
Network Security
The defense-in-depth approach
Physical network segmentation
Securing remote access to the network
Virtual network segmentation
Zero trust network
Hybrid cloud network security
Summary
References
12
Active Sensors
Active Sensors
Detection capabilities
Intrusion detection systems
Intrusion prevention system
Behavior analytics on-premises
Behavior analytics in a hybrid cloud
Summary
References
13
Threat Intelligence
Threat Intelligence
Introduction to threat intelligence
Open-source tools for threat intelligence
Microsoft threat intelligence
Summary
References
14
Investigating an Incident
Investigating an Incident
Scoping the issue
Investigating a compromised system on-premises
Investigating a compromised system in a hybrid cloud
Proactive investigation (threat hunting)
Lessons learned
Summary
References
15
Recovery Process
Recovery Process
Disaster recovery plan
Live recovery
Contingency planning
Business continuity plan
Best practices for disaster recovery
Summary
Further reading
References
16
Vulnerability Management
Vulnerability Management
Creating a vulnerability management strategy
Elements of a vulnerability strategy
Differences between vulnerability management and vulnerability assessment
Best practices for vulnerability management
Vulnerability management tools
Conclusion
Summary
Further reading
References
17
Log Analysis
Log Analysis
Data correlation
Operating system logs
Firewall logs
Web server logs
Amazon Web Services (AWS) logs
Azure Activity logs
Google Cloud Platform Logs
Summary
References
18
Other Books You May Enjoy
Other Books You May Enjoy
19
Index
Index

Investigating a compromised system in a hybrid cloud

For this hybrid scenario, the compromised system will be located on-premises and the company has a cloud-based monitoring system, which for the purpose of this example will be Microsoft Defender for Cloud. For this scenario, the SecOps team is consuming the alerts generated by Microsoft Defender for Cloud and they received the following alert:

Graphical user interface, text, application Description automatically generated

Figure 14.8: Suspicious PowerShell script alert

This is a brief description of the alert, and once the SecOps analyst expands this alert, they will see all the details, which includes information about the suspicious PowerShell command as shown in Figure 14.9:

Graphical user interface, text, application, email Description automatically generated

Figure 14.9: Details about the alert

If you look closely at the suspicious command line, you will see that this is a PowerShell base64 encoded string, which is a technique documented at MITRE ATT&CK T1059.001 (attack.mitre.org/techniques/T1059/001). Although this is considered a valid and benign command...

Previous Section
End of Section 4
Next Section