Cybersecurity – Attack and Defense Strategies - Second Edition

By : Yuri Diogenes, Dr. Erdal Ozkaya

Cybersecurity – Attack and Defense Strategies - Second Edition

By: Yuri Diogenes, Dr. Erdal Ozkaya

Overview of this book

Cybersecurity – Attack and Defense Strategies, Second Edition is a completely revised new edition of the bestselling book, covering the very latest security threats and defense mechanisms including a detailed overview of Cloud Security Posture Management (CSPM) and an assessment of the current threat landscape, with additional focus on new IoT threats and cryptomining. Cybersecurity starts with the basics that organizations need to know to maintain a secure posture against outside threat and design a robust cybersecurity program. It takes you into the mindset of a Threat Actor to help you better understand the motivation and the steps of performing an actual attack – the Cybersecurity kill chain. You will gain hands-on experience in implementing cybersecurity using new techniques in reconnaissance and chasing a user’s identity that will enable you to discover how a system is compromised, and identify and then exploit the vulnerabilities in your own system. This book also focuses on defense strategies to enhance the security of a system. You will also discover in-depth tools, including Azure Sentinel, to ensure there are security controls in each network layer, and how to carry out the recovery process of a compromised system.

Preface

Who this book is for

What this book covers

To get the most out of this book

Get in touch

Free Chapter

Security Posture

The current threat landscape

The credentials – authentication and authorization

Apps

Cybersecurity challenges

Enhancing your security posture

The Red and Blue Teams

Summary

References

Incident Response Process

The incident response process

Handling an incident

Post-incident activity

Incident response in the cloud

Summary

References

What is a Cyber Strategy?

Introduction

Why do we need to build a cyber strategy?

How to build a cyber strategy

Best cyber attack strategies (Red Team)

Best cyber defense strategies (Blue Team)

Summary

Further reading

Understanding the Cybersecurity Kill Chain

Introducing the Cyber Kill Chain

Threat Life Cycle Management

Tools used in the Cyber Kill Chain Phases

Cybersecurity Kill Chain Summary

Lab – Hacking Wireless Network/s via Evil Twin Attack

Lab Summary

References

Further reading

Reconnaissance

External reconnaissance

Web Browser Enumeration Tools

Internal reconnaissance

Summary

LAB

References

Compromising the System

Analyzing current trends

Phishing

Exploiting a vulnerability

Zero-day

Performing the steps to compromise a system

Mobile phone (iOS / Android attacks)

Lab

Lab 2: Hack those websites (legally!)

Summary

References

Further reading

Chasing a User's Identity

Identity is the new perimeter

Strategies for compromising a user's identity

Summary

Lateral Movement

Performing lateral movement

Lab

Summary

Privilege Escalation

Performing Privilege Escalation

Hands-on example of Privilege Escalation on a Windows target

Privilege escalation techniques

Windows Boot Sequence

Conclusion and lessons learned

Summary

Lab 1

Lab 2

Lab 3: HackTheBox

References

Security Policy

Reviewing your security policy

Educating the end user

Policy enforcement

Monitoring for compliance

Continuously driving security posture enhancement via security policy

Summary

References

Network Segmentation

The defense in depth approach

Physical network segmentation

Securing remote access to the network

Virtual network segmentation

Zero trust network

Hybrid cloud network security

Summary

Ref

Active Sensors

Detection capabilities

Intrusion detection systems

Intrusion prevention system

Behavior analytics on-premises

Behavior analytics in a hybrid cloud

Summary

References

Threat Intelligence

Introduction to threat intelligence

Open source tools for threat intelligence

Microsoft threat intelligence

Leveraging threat intelligence to investigate suspicious activity

Summary

References

Investigating an Incident

Scoping the issue

Investigating a compromised system on-premises

Investigating a compromised system in a hybrid cloud

Proactive investigation (threat hunting)

Lessons learned

Summary

References

Recovery Process

Disaster recovery plan

Contingency planning

Live recovery

Best practices for recovery planning

Disaster recovery best practices

Summary

Resources for DR Planning

References

Further reading

Vulnerability Management

Creating a vulnerability management strategy

Vulnerability management tools

Implementation of vulnerability management

Best practices for vulnerability management

Vulnerability management tools

Implementing vulnerability management with Nessus

LABS

Summary

References

Log Analysis

Data correlation

Operating system logs

Firewall logs

Web server logs

Amazon Web Services (AWS) logs

Azure Activity logs

Summary

References

Other Books You May Enjoy

Index

Customer Reviews

5 star

4 star

3 star

2 star

1 star

The credentials – authentication and authorization

According to Verizon's 2017 Data Breach Investigations Report [9], the association between threat actor (or just actor), their motives, and their modus operandi vary according to the industry. However, the report states that stolen credentials are the preferred attack vector for financial motivation or organized crime. This data is very important, because it shows that threat actors are going after user's credentials, which leads to the conclusion that companies must focus specifically on authentication and authorization of users and their access rights.

The industry has agreed that a user's identity is the new perimeter. This requires security controls specifically designed to authenticate and authorize individuals based on their job and need for specific data within the network. Credential theft could be just the first step to enable cybercriminals to have access to your system. Having a valid user account in the network will enable them to move laterally (pivot), and at some point find the right opportunity to escalate privilege to a domain administrator account. For this reason, applying the old concept of defense in depth is still a good strategy to protect a user's identity, as shown in the following diagram:

Figure 2: Multi-layer protection for identity

In the previous diagram there are multiple layers of protection, starting with the regular security policy enforcement for accounts, which follow industry best practices such as strong password requirements, including frequent password changes and high password strength.

Another growing trend to protect user identities is to enforce MFA. One method that is seeing increased adoption is the callback feature, where the user initially authenticates using his/her credentials (username and password), and receives a call to enter their PIN. If both authentication factors succeed, they are authorized to access the system or network. We are going to explore this topic in greater detail in Chapter 7, Chasing a User's Identity. Another important layer is continuous monitoring, because at the end of the day, it doesn't matter having all layers of security controls if you are not actively monitoring your identity to understand the normal behavior, and identify suspicious activities. We will cover this in more detail in Chapter 12, Active Sensors.

Cybersecurity – Attack and Defense Strategies - Second Edition

By : Yuri Diogenes, Dr. Erdal Ozkaya

Cybersecurity – Attack and Defense Strategies - Second Edition

By: Yuri Diogenes, Dr. Erdal Ozkaya

Overview of this book

Related Content you might be interested in

Current Title:

Cybersecurity – Attack and Defense Strategies - Second Edition

Incident Response in the Age of Cloud

Hands-On Cybersecurity for Finance

Learn Social Engineering

The credentials – authentication and authorization